[Plura-list] Why is this Canadian university scared of you seeing its Privacy Impact Assessment?
Cory Doctorow
doctorow at craphound.com
Thu Aug 1 11:54:32 EDT 2024
Read today's issue online at: https://pluralistic.net/2024/08/01/eruditio-libertas-est/
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
I'm coming to Defcon! On Aug 9, I'm emceeing the EFF Poker Tournament (noon, Horseshoe Poker Room), and speaking on the Bricked and Abandoned panel (5PM, track 1). On Aug 10, I'm giving a keynote called "Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses' insatiable horniness for enshittification" (noon, track 1).
https://defcon.org/html/defcon-32/dc-32-index.html
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
Support me this summer on the Clarion Write-A-Thon and help raise money for the Clarion Science Fiction and Fantasy Writers' Workshop!
https://clarionwriteathon.com/members/profile.php?writerid=293388
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
Today's links
* Why is this Canadian university scared of you seeing its Privacy Impact Assessment: What is Langara College so afraid of?
* Hey look at this: Delights to delectate.
* This day in history: 2009, 2019
* Upcoming appearances: Where to find me.
* Recent appearances: Where I've been.
* Latest books: You keep readin' em, I'll keep writin' 'em.
* Upcoming books: Like I said, I'll keep writin' 'em.
* Colophon: All the rest.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Why is this Canadian university scared of you seeing its Privacy Impact Assessment?
Barbra Streisand is famous for many things: her exciting performances on the big screen, the small screen, and the stage; her Grammy-winning career as a musician (she's a certified EGOT!); and for all the times she's had to correct people who've added an extra vowel to the spelling of her first name (I can relate!).
But a thousand years from now, her legacy is likely to be linguistic, rather than artistic. The "Streisand Effect" - coined by Mike Masnick - describes what happens when someone tries to suppress a piece of information, only to have that act of attempted suppression backfire by inciting vastly more interest in the subject:
https://en.wikipedia.org/wiki/Streisand_effect
The term dates to 2003, when Streisand sued the website Pictopia and its proprietors for $50m for reproducing an image from the publicly available California Coastal Records Project (which produces a timeseries of photos of the California coastline in order to track coastal erosion). The image ("Image 3850") incidentally captured the roofs of Streisand's rather amazing coastal compound, which upset Streisand.
But here's the thing: before Streisand's lawsuit, Image 3850 had only been viewed *six times*. After she filed the case, another *420,000 people* downloaded that image. Not only did Streisand lose her suit (disastrously so - she was ordered to pay the defendants' lawyers $177,000 in fees), but she catastrophically failed in her goal of keeping this boring, obscure photo from being seen:
https://en.wikipedia.org/wiki/Streisand_effect
Streisand has since called the suit "a mistake." On the one hand, that is *very obviously true*, but on the other hand, it's still admirable, given how many other failed litigants went to their graves insisting that their foolish and expensive legal gambit was, in fact, *very smart* and we are all *very stupid* for failing to understand that.
Which brings me to Ian Linkletter and the Canadian Privacy Library. Linkletter is the librarian and founder of the nonprofit Canadian Privacy Library, a newish online library that collects and organizes privacy-related documents from Canadian public institutions. Linkletter kicked off the project with the goal of collecting the Privacy Impact Assessments from every public university in Canada, starting in his home province of BC.
These PIAs are a legal requirement whenever a public university procures a piece of software, and they're no joke. Ed-tech vendors are pretty goddamned cavalier when it comes to student privacy, as Linkletter knows well. Back in 2020, Linkletter was an ed-tech specialist for the University of British Columbia, where he was called upon to assess Proctorio, a "remote invigilation" tool that monitored remote students while they sat exams.
This is a *nightmare* category of software, a mix of high-tech phrenology (vendors claim that they can tell when students are cheating by using "AI" to analyze their faces); arrogant techno-sadism (vendors require students - including those sharing one-room apartments with "essential worker" parents on night shifts who sleep during the day - to pan their cameras around to prove that they are alone); digital racism (products are so bad at recognizing Black faces that some students have had to sit exams with multiple task-lights shining directly onto their faces); and bullshit (vendors routinely lie about their tools' capabilities and efficacy).
Worst: remote invigilation is grounded in the pedagogically bankrupt idea that learning is best (or even plausibly) assessed through high-stakes testing. The kind of person who wants to use these tools generally has *no* idea how learning works and thinks of students as presumptively guilty cheats. They monitor test-taking students in realtime, and have been known to jiggle test-takers' cursors impatiently when students think too long about their answers. Remote invigilation also captures the eye-movements of test-takers, flagging people who look away from the screen while thinking for potential cheating. No wonder that many students who sit exams under these conditions find themselves so anxious that they vomit or experience diarrhea, carefully staring directly into the camera as they shit themselves or vomit down their shirts, lest they be penalized for looking away or visiting the toilet.
Linkletter quickly realized that Proctorio is a worst-in-class example of a dreadful category. The public-facing materials the company provided about its products were flatly contradicted by the materials they provided to educators, where all the really *nasty* stuff was buried. The company - whose business exploded during the covid lockdowns - is helmed by CEO Mike Olsen, a nasty piece of work who once doxed a child who criticized him in an online forum:
https://pluralistic.net/2020/07/01/bossware/#moral-exemplar
Proctorio's products are shrouded in secrecy. In 2020, for reasons never explained, all the (terrible, outraged) reviews of its browser plugin disappeared from the Chrome store:
https://pluralistic.net/2021/09/04/hypervigilance/#radical-transparency
Linkletter tweeted his alarming findings, publishing links to the unlisted, but publicly available YouTube videos where Proctorio explained how its products *really* worked. Proctorio then *sued* Linkletter, for *copyright infringement*.
Proctorio's argument is that by linking to materials that *they* published on YouTube with permissions that let anyone with the link see them, Linkletter infringed upon their copyright. When Linkletter discovered that these videos *already* had publicly available links, indexed by Google, in the documentation produced by other Proctorio customers for students and teachers, Proctorio doubled down and argued that by collecting these publicly available links to publicly available videos, Linkletter had still somehow infringed on their copyright.
Luckily for Linkletter, BC has an anti-SLAPP law that is supposed to protect whistleblowers facing legal retaliation for publishing protected speech related to matters of public interest (like whether BC's flagship university has bought a defective and harmful product that its students will be forced to use). *Unluckily* for Linkletter, the law is brand new, lacks jurisprudence, and the courts have decided that he can't use a SLAPP defense and his case must go to trial:
https://pluralistic.net/2023/04/20/links-arent-performances/#free-ian-linkletter
Linkletter *could* have let that experience frighten him away from the kind of principled advocacy that riles up deep-pocketed, thin-skinned bullies. Instead, he doubled down, founding the Canadian Privacy Library, with the goal of using Freedom of Information requests to catalog all of Canada's post-secondary institutions' privacy assessments. Given how many bodies he found buried in Proctorio's back yard, this feels like the kind of thing that should be made more visible to Canadians.
There are 25 public universities in BC, and Linkletter FOI'ed them all. Eleven provided their PIAs. Eight sent him an estimate of what it would cost them (and thus what they would charge) to assemble these docs for him. Six requested extensions.
One of them threatened to sue.
Langara College is a 19,000-student spinout of Vancouver Community College whose motto is *Eruditio Libertas Est* ("Knowledge is Freedom"). Linkletter got their 2019 PIA for Microsoft's Office 365 when he FOI'ed the Nicola Valley Institute of Technology (universities often recycle one another's privacy impact assessments, which is fine).
That's where the trouble started. In June, Langara sent Linkletter a letter demanding that he remove their Office 365 PIA; the letter CC'ed two partners in a law firm, and accused Linkletter of copyright infringement. But that's not how copyright - or public records - work. As Linkletter writes, the PIA is "a public record lawfully obtained through an FOI request" - it is neither exempted from disclosure, nor is it confidential:
https://www.privacylibrary.ca/legal-threat/
Langara claims that in making their mandatory Privacy Impact Assessment for Office 365 available, Linkletter has exposed them to "heightened risks of data breaches and privacy incidents," but they provided no evidence to support this assertion.
I think they're full of shit, but you don't have to take my word for it. After initially removing the PIA, Linkletter restored it, and you can read it for yourself:
https://www.privacylibrary.ca/langara-college-privacy-impact-assessments/
I read it. It is pretty goddamned anodyne - about as exciting as looking at the roof of Barbra Streisand's mansion.
Sometimes, where there's smoke, there's only Streisand - a person who has foolishly decided to use the law to bully a weaker stranger out of disclosing some innocuous and publicly available fact about themselves. But sometimes, where there's smoke, there's fire. A lot of people who read my work are much more familiar with ed-tech, privacy, and pedagogy than I am. If that's you, maybe you want to peruse the Langara PIA to see if they are hiding something because they're exposing their students to privacy risks and don't want that fact to get out.
There are plenty of potential privacy risks in Office 365! The cloud version of Microsoft Office contains a "bossware" mode that allows bosses to monitor their workers' keystrokes for spelling, content, and accuracy, and produce neat charts of which employees are least "productive." The joke's on the boss, though: Office 365 also has a tool that lets you compare your department's usage of Office 365 to your competitors, which is another way of saying that Microsoft is gathering your trade secrets and handing them out to your direct competitors:
https://pluralistic.net/2021/02/24/gwb-rumsfeld-monsters/#bossware
So, yeah, there are lots of "features" in Office 365 that could give rise to privacy threats when it is used at a university. One hopes that Langara correctly assessed these risks and accounted for them in its PIA, which would mean that they are bullying Linkletter out of reflex, rather than to cover up wrongdoing. But there's only one way to find out: go through the doc that Linkletter has restored to public view.
Linkletter has *excellent* pro bono representation from Norton Rose Fulbright, a large and powerful law-firm that is handling his Proctorio case. Linkletter writes, "they have put this public college on notice that any proceeding is liable to be dismissed pursuant to the Protection of Public Participation Act, BC’s anti-SLAPP legislation."
Langara has now found themselves at the bottom of a hole, and if they're smart, they'll stop digging.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Hey look at this
* #FakeYou An Activist’s Guide to Defeating Disinformation https://xnet-x.net/en/fakeyou-disinformation-free-download/
* What is the Fediverse? https://www.youtube.com/watch?v=QzYozbNneVc
* We need a new internet https://www.fierce-network.com/cloud/op-ed-we-need-new-internet
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 This day in history
#15yrsago Call for submissions for an event to honor Toronto’s venerable, shuttered Pages Books https://quillandquire.com/book-news/2009/07/29/pages-requests-memories-for-send-off-bash/
#15yrsago Matrix Online goes out with a party, not a whimper https://web.archive.org/web/20090802104032/http://www.massively.com/2009/07/27/reminder-check-out-the-matrix-online-before-it-decompiles/
#15yrsago India’s airlines to ground all planes and press for bailout https://timesofindia.indiatimes.com/india/no-private-airlines-to-fly-on-aug-18/articleshow/4842710.cms
#5yrsago Summing up the Democrats’ debate: Colbert’s scorching monologue https://www.thedailybeast.com/stephen-colbert-hits-longshot-democrats-for-spewing-republican-talking-points-at-cnn-debate
#5yrsago A modest proposal to solve no-deal Brexit: insure all losses with the pensions of Brexit supporters https://web.archive.org/web/20190205121528/https://twitter.com/Sime0nStylites/status/1092343448483651589
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Upcoming appearances
* Launch for Adam Greenfield's *Lifehouse* at Page Against the Machine (Long Beach), Aug 3
https://www.facebook.com/events/837938428323731
* EFF Charity Poker Tournament (Defcon, Las Vegas, Horseshoe Poker Room), Aug 9 12h
https://www.eff.org/deeplinks/2024/06/betting-your-digital-rights-eff-benefit-poker-tournament-def-con-32
* Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of Trash (Defcon, Las Vegas, Track 1), Aug 9 17h
https://info.defcon.org/event/?id=54844
* Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses' insatiable horniness for enshittification (Defcon, Las Vegas, Track 1), Aug 10 12h
https://info.defcon.org/event/?id=54861
* Launch for Madeline Ashby's *Glass Houses* at Chevalier's Books (LA), Aug 16
https://www.eventbrite.com/e/book-talk-madeline-ashbys-glass-houses-tickets-965286486867
* Disenshittify or die! (Burning Man, Palenque Norte, 7&E), Aug 27, 13h
* Talking caterpillar Q&A (Burning Man, Liminal Labs, 830&C), Aug 28, 12h
* Albacon (Albany/remote), Sep 13-15
https://albacon.org/2024/
* TusCon (Tucson), Nov 8-10
https://tusconscificon.com/
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Recent appearances
* The Paradigm Shift
https://paradigm-shift-on-4zzz.pinecast.co/episode/dbf12eaf/tech-criticism-with-cory-doctorow
* How To Fix The Internet (EFF)
https://www.eff.org/deeplinks/2024/06/podcast-episode-fighting-enshittification
* Big Tech and the News (Tech Policy Press)
https://www.techpolicy.press/big-tech-and-the-news/
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Latest books
* The Bezzle: a sequel to "Red Team Blues," about prison-tech and other grifts, Tor Books (US), Head of Zeus (UK), February 2024 (the-bezzle.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3062/Available_Feb_20th%3A_The_Bezzle_HB.html#/).
* "The Lost Cause:" a solarpunk novel of hope in the climate emergency, Tor Books (US), Head of Zeus (UK), November 2023 (http://lost-cause.org). Signed, personalized copies at Dark Delicacies (https://www.darkdel.com/store/p3007/Pre-Order_Signed_Copies%3A_The_Lost_Cause_HB.html#/)
* "The Internet Con": A nonfiction book about interoperability and Big Tech (Verso) September 2023 (http://seizethemeansofcomputation.org). Signed copies at Book Soup (https://www.booksoup.com/book/9781804291245).
* "Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com. Signed copies at Dark Delicacies (US): and Forbidden Planet (UK): https://forbiddenplanet.com/385004-red-team-blues-signed-edition-hardcover/.
* "Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
* "Attack Surface": The third Little Brother novel, a standalone technothriller for adults. The *Washington Post* called it "a political cyberthriller, vigorous, bold and savvy about the limits of revolution and resistance." Order signed, personalized copies from Dark Delicacies https://www.darkdel.com/store/p1840/Available_Now%3A_Attack_Surface.html
* "How to Destroy Surveillance Capitalism": an anti-monopoly pamphlet analyzing the true harms of surveillance capitalism and proposing a solution. https://onezero.medium.com/how-to-destroy-surveillance-capitalism-8135e6744d59?sk=f6cd10e54e20a07d4c6d0f3ac011af6b (signed copies: https://www.darkdel.com/store/p2024/Available_Now%3A__How_to_Destroy_Surveillance_Capitalism.html)
* "Little Brother/Homeland": A reissue omnibus edition with a new introduction by Edward Snowden: https://us.macmillan.com/books/9781250774583; personalized/signed copies here: https://www.darkdel.com/store/p1750/July%3A__Little_Brother_%26_Homeland.html
* "Poesy the Monster Slayer" a picture book about monsters, bedtime, gender, and kicking ass. Order here: https://us.macmillan.com/books/9781626723627. Get a personalized, signed copy here: https://www.darkdel.com/store/p2682/Corey_Doctorow%3A_Poesy_the_Monster_Slayer_HB.html#/.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Upcoming books
* Picks and Shovels: a sequel to "Red Team Blues," about the heroic era of the PC, Tor Books, February 2025
* Unauthorized Bread: a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2025
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 Colophon
Today's top sources:
Currently writing:
* Enshittification: a nonfiction book about platform decay. Today's progress: 911 words (30817 words total).
* A Little Brother short story about DIY insulin PLANNING
* Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. FORTHCOMING TOR BOOKS JAN 2025
* Vigilant, Little Brother short story about remote invigilation. FORTHCOMING ON TOR.COM
* Spill, a Little Brother short story about pipeline protests. FORTHCOMING ON TOR.COM
Latest podcast:
Unpersoned https://craphound.com/news/2024/07/29/unpersoned/
This work - excluding any serialized fiction - is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
https://creativecommons.org/licenses/by/4.0/
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^-^
🏈 How to get Pluralistic:
Blog (no ads, tracking, or data-collection):
Pluralistic.net
Newsletter (no ads, tracking, or data-collection):
https://pluralistic.net/plura-list
Mastodon (no ads, tracking, or data-collection):
https://mamot.fr/@pluralistic
Medium (no ads, paywalled):
https://doctorow.medium.com/
Twitter (mass-scale, unrestricted, third-party surveillance and advertising):
https://twitter.com/doctorow
Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):
https://mostlysignssomeportents.tumblr.com/tagged/pluralistic
"*When life gives you SARS, you make sarsaparilla*" -Joey "Accordion Guy" DeVilla