Privacy first

The internet is embroiled in a vicious polycrisis: child safety, surveillance, discrimination, disinformation, polarization, monopoly, journalism collapse – not only have we failed to agree on what to do about these, there's not even a consensus that all of these are problems.

But in a new whitepaper, my EFF colleagues Corynne McSherry, Mario Trujillo, Cindy Cohn and Thorin Klosowski advance an exciting proposal that slices cleanly through this Gordian knot, which they call "Privacy First":

https://www.eff.org/wp/privacy-first-better-way-address-online-harms

Here's the "Privacy First" pitch: whatever is going on with all of the problems of the internet, all of these problems are made worse by commercial surveillance.

Worried your kid is being made miserable through targeted ads? No surveillance, no targeting.

Worried your uncle was turned into a Qanon by targeted disinformation? No surveillance, no targeting. Worried that racialized people are being targeted for discriminatory hiring or lending by algorithms? No surveillance, no targeting.

Worried that nation-state actors are exploiting surveillance data to attack elections, politicians, or civil servants? No surveillance, no surveillance data.

Worried that AI is being trained on your personal data? No surveillance, no training data.

Worried that the news is being killed by monopolists who exploit the advantage conferred by surveillance ads to cream 51% off every ad-dollar? No surveillance, no surveillance ads.

Worried that social media giants maintain their monopolies by filling up commercial moats with surveillance data? No surveillance, no surveillance moat.

The fact that commercial surveillance hurts so many groups of people in so many ways is terrible, of course, but it's also an amazing opportunity. Thus far, the individual constituencies for, say, saving the news or protecting kids have not been sufficient to change the way these big platforms work. But when you add up all the groups whose most urgent cause would be significantly improved by comprehensive federal privacy law, vigorously enforced, you get an unstoppable coalition.

America is decades behind on privacy. The last really big, broadly applicable privacy law we passed was a law banning video-store clerks from leaking your porn-rental habits to the press (Congress was worried about their own rental histories after a Supreme Court nominee's movie habits were published in the Washington City Paper):

https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

In the decades since, we've gotten laws that poke around the edges of privacy, like HIPAA (for health) and COPPA (data on under-13s). Both laws are riddled with loopholes and neither is vigorously enforced:

https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/

Privacy First starts with the idea of passing a fit-for-purpose, 21st century privacy law with real enforcement teeth (a private right of action, which lets contingency lawyers sue on your behalf for a share of the winnings):

https://www.eff.org/deeplinks/2022/07/americans-deserve-more-current-american-data-privacy-protection-act

Here's what should be in that law:

A ban on surveillance advertising:

https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising

Data minimization: a prohibition on collecting or processing your data beyond what is strictly necessary to deliver the service you're seeking.

Strong opt-in: None of the consent theater click-throughs we suffer through today. If you don't give informed, voluntary, specific opt-in consent, the service can't collect your data. Ignoring a cookie click-through is not consent, so you can just bypass popups and know you won't be spied on.

No preemption. The commercial surveillance industry hates strong state privacy laws like the Illinois biometrics law, and they are hoping that a federal law will pre-empt all those state laws. Federal privacy law should be the floor on privacy nationwide – not the ceiling:

https://www.eff.org/deeplinks/2022/07/federal-preemption-state-privacy-law-hurts-everyone

No arbitration. Your right to sue for violations of your privacy shouldn't be waivable in a clickthrough agreement:

https://www.eff.org/deeplinks/2022/04/stop-forced-arbitration-data-privacy-legislation

No "pay for privacy." Privacy is not a luxury good. Everyone deserves privacy, and the people who can least afford to buy private alternatives are most vulnerable to privacy abuses:

https://www.eff.org/deeplinks/2020/10/why-getting-paid-your-data-bad-deal

No tricks. Getting "consent" with confusing UIs and tiny fine print doesn't count:

https://www.eff.org/deeplinks/2019/02/designing-welcome-mats-invite-user-privacy-0

A Privacy First approach doesn't merely help all the people harmed by surveillance, it also prevents the collateral damage that today's leading proposals create. For example, laws requiring services to force their users to prove their age ("to protect the kids") are a privacy nightmare. They're also unconstitutional and keep getting struck down.

A better way to improve the kid safety of the internet is to ban surveillance. A surveillance ban doesn't have the foreseeable abuses of a law like KOSA (the Kids Online Safety Act), like bans on information about trans healthcare, medication abortions, or banned books:

https://www.eff.org/deeplinks/2023/05/kids-online-safety-act-still-huge-danger-our-rights-online

When it comes to the news, banning surveillance advertising would pave the way for a shift to contextual ads (ads based on what you're looking at, not who you are). That switch would change the balance of power between news organizations and tech platforms – no media company will ever know as much about their readers as Google or Facebook do, but no tech company will ever know as much about a news outlet's content as the publisher does:

https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising

This is a much better approach than the profit-sharing arrangements that are being trialed in Australia, Canada and France (these are sometimes called "News Bargaining Codes" or "Link Taxes"). Funding the news by guaranteeing it a share of Big Tech's profits makes the news into partisans for that profit – not the Big Tech watchdogs we need them to be. When Torstar, Canada's largest news publisher, struck a profit-sharing deal with Google, they killed their longrunning, excellent investigative "Defanging Big Tech" series.

A privacy law would also protect access to healthcare, especially in the post-Roe era, when Big Tech surveillance data is being used to target people who visit abortion clinics or secure medication abortions. It would end the practice of employers forcing workers to wear health-monitoring gadget. This is characterized as a "voluntary" way to get a "discount" on health insurance – but in practice, it's a way of punishing workers who refuse to let their bosses know about their sleep, fertility, and movements.

A privacy law would protect marginalized people from all kinds of digital discrimination, from unfair hiring to unfair lending to unfair renting. The commercial surveillance industry shovels endless quantities of our personal information into the furnaces that fuel these practices. A privacy law shuts off the fuel supply:

https://www.eff.org/deeplinks/2023/04/digital-privacy-legislation-civil-rights-legislation

There are plenty of ways that AI will make our lives worse, but copyright won't fix it. For issues of labor exploitation (especially by creative workers), the answer lies in labor law:

https://pluralistic.net/2023/10/01/how-the-writers-guild-sunk-ais-ship/

And for many of AI's other harms, a muscular privacy law would starve AI of some of its most potentially toxic training data:

https://www.businessinsider.com/tech-updated-terms-to-use-customer-data-to-train-ai-2023-9

Meanwhile, if you're worried about foreign governments targeting Americans – officials, military, or just plain folks – a privacy law would cut off one of their most prolific and damaging source of information. All those lawmakers trying to ban Tiktok because it's a surveillance tool? What about banning surveillance, instead?

Monopolies and surveillance go together like peanut butter and chocolate. Some of the biggest tech empires were built on mountains of nonconsensually harvested private data – and they use that data to defend their monopolies. Legal privacy guarantees are a necessary precursor to data portability and interoperability:

https://www.eff.org/wp/interoperability-and-privacy

Once we are guaranteed a right to privacy, lawmakers and regulators can order tech giants to tear down their walled gardens, rather than relying on tech companies to (selectively) defend our privacy:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

The point here isn't that privacy fixes all the internet's woes. The policy is "privacy first," not "just privacy." When it comes to making a new, good internet, there's plenty of room for labor law, civil rights legislation, antitrust, and other legal regimes. But privacy has the biggest constituency, gets us the most bang for the buck, and has the fewest harmful side-effects. It's a policy we can all agree on, even if we don't agree on much else. It's a coalition in potentia that would be unstoppable in reality. Privacy first! Then – everything else!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

STOP THE NC MASK BAN

Even if you're outside of NC, please call and say that you'll NEVER set foot or spend money in North Carolina!!!

Call these 3 reps as they may be swayed!

Call to stop the mask ban Representative Tim Reeder (he's a doctor!): [email protected]/ 919-733-5757

Representative Kristin Baker: [email protected]/ 919-733-5861

Representative Donny Lambeth: [email protected]/ 919-733-5747

We're on a dangerous route to a potential totalitarian mass surveillance police state. Besides the negative and repressive impacts such technologies already can/do have today (like impressively illustrated in the book "Automating Inequality" linked below) - just imagine a successful coup d'État taking place, a totalitarian regime coming to power.... and with that getting access to such technologies just like this.

What would keep them from just forcibly take all these infrastructures over? Would it even be possible anymore to organize resistance under such circumstances? Cash will disappear too - they're already working on that today - and we're basically screwed. How could you organize opposition and resistance; not to even mention funding them...?! With things like facial and voice recognition you no longer can just ditch potential tracking devices and leave them at home - you will get tracked anyways - anywhere, anytime.

Censorship would take on unprecedented proportions.

Social injustice, discrimination and inequality get even worse and more widespread through the use of "big data" / all encompassing data harvesting, since authorities, insurance companies, banks and more all get full access to relevant as well as not really relevant data about anyone they like without consent and without them even knowing. In a world where classism, racism, ableism, misogyny still run rampant it's not hard to see how this can - and already does - profoundly affect the lifes and perspectives of millions upon millions of people and how it can be potentially abused.

Now imagine the future & how it will be then.

Truly a dystopian outlook.

Ontario's secret police

I am not excited about Harris as a candidate, but I will be voting for her in this upcoming election. This is why→

(full transcript under the cut)

I AM VOTING AGAINST THIS

“Transgender ideology” to be classified as pornography & excluded from First Amendment protection. Authors who produce & distribute it threatened with prison. Educators & public librarians who share it classed as registered sex offenders. communications & technology firms that facilitate its spread shuttered. -Project 2025, page 5

Delete the terms sexual orientation, gender identity, diversity, equity, & inclusion, gender equality, abortion, reproductive health, reproductive rights, out of every federal rule, contract, grant, regulation, & piece of legislation that exist. -Project 2025 page 5

I AM VOTING AGAINST THIS

Victimization should not be a basis for an immigration benefit. -Project 2025, page 141

Increase all fees for asylum applications, limit the availability of fee waivers. -Project 2025, page 146

Mandatory appropriation for border wall system infrastructure. -Project 2025, page 147

Deny loan access to those who are not U.S. citizens or lawful permanent residents & deny loan access to students at schools that provide in-state tuition to illegal aliens. -Project 2025, page 167

Ensure that only U.S. citizens & lawful permanent residents utilize or occupy federally subsidized housing. -Project 2025, page 167

I AM VOTING AGAINST THIS

Encourage intelligence agencies not to waste effort collecting surveillance data when they can buy it from private sector facial recognition companies. -Project 2025, page 206

Defund the Corporation for Public Broadcast, specifically NPR & PBS educational programs like Sesame Street. -Project 2025, pages 246-247

The USDA will not be able to place environmental issues ahead of agricultural production. Reconsider the Food Stamps program. -Project 2025, page 290

Labeling regulations that unnecessarily delay the manufacture & sale of baby formula should be re-evaluated. -Project 2025, page 302

I AM VOTING AGAINST THIS

Eliminate the Community Eligibility Program which allows school districts with high rates of poverty to offer meals to all students without having to qualify each student individually. No longer provide meals to students during the summer unless students are taking summer-school classes. -Project 2025, page 303

No public education employee shall use a pronoun in addressing a student that is different from that student’s biological sex without written permission of the parents or guardians. -Project 2025 page 346

Delete reporting on which educational institutions claim religious exemption from Title IX. -Project 2025 page 357

I AM VOTING AGAINST THIS

Gut the Office for Civil Rights’ power to prosecute any kind of discrimination in public schools. -Project 2025, page 357

Eliminate the Office of Fossil Energy & Carbon Management -Project 2025 page 377

Eliminate the stand-alone Office of Environmental Justice & External Civil Rights -Project 2025, page 421

Restructure the Office of International & Tribal Affairs into the American Indian Environmental Office -Project 2025, page 421

Eliminate the Office of Public Engagement & Environmental Education -Project 2025, page 421

Pause all action of the Environmental Protection Agency for review. -Project 2025, page 422

I AM VOTING AGAINST THIS

Center for Disease Control stripped of the ability to suggest that schools embrace masking or vaccination strategies. -Project 2025, page 454

All states will be required to submit detailed information about pregnancies, abortions & miscarriages to a federal database. -Project 2025, page 455

The medication Mifepristone, a life-saving drug used to stop deadly postpartum hemorrhages that’s also used in chemical abortions, will be banned. -Project 2025, pages 458-459

Artificial intelligence should be used to determine what is suitable treatment for those currently covered by Medicare. -Project 2025, page 463

I AM VOTING AGAINST THIS

Repeal the Inflation Reduction Act, which implements government price controls for prescription drugs. -Project 2025, page 465

Funding for abortion travel prohibited under the Hyde Amendment. -Project 2025, page 471

End taxpayer funding of Planned Parenthood. -Project 2025, page 471

Withdraw Medicaid funds for states that require abortion insurance. -Project 2025, page 472

Hospitals will no longer be willing to perform emergency abortions, even to save the life of the mother. -Project 2025, page 473

I AM VOTING AGAINST THIS

Rescind the Department of Health & Human Services' ability to impose a moratorium on rental evictions during COVID. -Project 2025, page 492

Rescind large portions of The Endangered Species Act & The Migratory Bird Treaty Act, reinstate Trump’s plan for opening the National Petroleum Reserve of Alaska to leasing and development. -Project 2025, page 524

Review & downsize national monuments. -Project 2025, page 532

End the Endangered Species Act’s ability to prevent economic development & de-list many currently endangered species. -Project 2025, pages 533-534

I AM VOTING AGAINST THIS

Make it harder for workers to unionize & easier for employers to retaliate against whistleblowers & organizers. -Project 2025, pages 601-602

TikTok classified as a national security concern & made non-operational. -Project 2025, page 674

Break up National Oceanic & Atmospheric Administration, including National Weather Service & National Marine Fisheries Service. -Project 2025, page 674

Downsize the Office of Oceanic & Atmospheric Research; disband its climate-change research work. -Project 2025 page 676

AND SO MUCH MORE. 

The full text of Project 2025 is available at static.project2025.org/2025_MandateForLeadership_FULL.pdf I am very grateful to stopproject2025comic.org which produced a series of very readable comics to help explain many sections of Project 2025. Some of the language in this post is taken directly from their transcripts. (You can read many of their comics here on tumblr @stopproject2025comic) Please vote against Project 2025. Our tattered democracy, healthcare, clean air & water, workers rights, reproductive rights, civil rights, intellectual freedom and more are at stake. 

What do u think of reader who was nice to König before the monster uprising? You think König will be extremely obsessed with them?

I can imagine the reader being a medic or a researcher in this scenario - maybe even a monster psychology expert, someone who believes that all monsters should be treated equally and that humans should strive for normalcy instead of discrimination. Your beliefs didn't save you from initially being set up as a pet in this newly build monster society - but you did had some familiar faces making sure you're not treated like the rest of the human scum.

You're a sunshine on the researching base, adorable little nurse or silly and clumsy assistant - you are not treated like breeding stock for the human pets, you're not sold off to someone who would use you as an incubator and, all things considered, you have a nice warm cell, food on the table and work under strick surveillance. You never knew why you got so lucky until a well over a few months in captivity, when you were suddenly called to the higher ranks. Stepping into the colonel's office, you never knew this would be the last time you saw the outside world for a long, long time.

Konig...adored you. Watched over you ever since he was a simple chained monster for the military, back in the days where he was used to beg for your affection - you barely remember him, being another twisted face in the crowd, but he would never forget your soft touch and gentle words. He is disappointed he wasn't as special to you as you were to him...but he can work with this. You don't have any choice except to beg for his affection now, and you will have to act like his pretty little wife if you want him to continue being so loving.

You have this weird position with his recruits, too - many of them remember how kind you were before everything happened, so they won't exactly bully you. If anything, they feel bad about you being pawned over to a man like Konig - but it won't really help you, to be quite honest. They are vigilant about letting you go anywhere besides colonel's quarters, but at least they are willing to bring you snacks and some desserts.

do you have any good queer news? I'm a queer person and hearing all the shit thats happening across the world is making me bummed out

I do! All of this is from LGBTQ Nation's excellent good news tag

^Article date: July 6, 2023

"Only two months after its formation, the “No SB 180” initiative had succeeded at making the city of Lawrence, Kansas a sanctuary city for LGBTQ+ people. Last week, in a unanimous vote, Lawrence became the first city in the state to declare itself as such.

Ordinance 9999 bans the city and all of its employees from collecting or releasing information on a person’s “biological sex, either male or female, at birth” and from helping with any investigation, detention, arrest, or surveillance “conducted by a jurisdiction with the authority to enforce Senate Bill 180, as enacted.”"

^Article date: July 28, 2023

"A federal judge has told a group of anti-trans parents to mind their own business after the group filed a lawsuit challenging an Ohio school district’s bathroom policy.

The attempts to meddle do not “pass legal muster,” he wrote in his ruling, saying that the group has no reason to sue.

“Not every contentious debate concerning matters of public importance presents a cognizable federal lawsuit,” Judge Michael Newman wrote, denying their petition to stop the Bethel Local School District’s policy that allows a single transgender middle school student to use the restroom that aligns with her gender identity."

^Article date: August 8, 2023

"The U.S. Agency for International Development (USAID), the independent federal agency responsible for administering civilian foreign aid and development assistance, has released its first-ever “LGBTQI+-inclusive” policy since its founding in 1961.

The four-point policy is meant to serve as a blueprint for USAID staff and partners around the world to champion LGBTQ+ and intersex development and the human rights of all queer people through the agency’s work, said Jay Gilliam, USAID’s senior LGBTQI+ coordinator, in a video explaining the policy...

In simpler terms, the U.S. will try to improve diplomatic relationships with other countries by investing in locally-led LGBTQ+-inclusive programs that are shown to positively impact communities in need."

^Article date: August 3, 2023

The U.S. Court of Appeals for the Seventh Circuit has ruled in favor of three transgender students who were forbidden by their schools from using bathrooms matching their gender identities. The circuit court upheld a lower court’s preliminary injunction that said the schools have to let trans students use facilities associated with their genders...

The case involves three trans boys in Martinsville, Indiana and Terre Haute, Indiana, who need access to the boys’ room at their middle and high schools...

The court took into account the fact that Title IX bans discrimination on the basis of sex in schools that receive federal money, which is most of them. Citing the 2020 Supreme Court decision in Bostock v. Clayton Co. that found that job discrimination against LGBTQ+ people necessarily takes sex into account and is therefore prohibited under Title VII, the appeals court ruled that the trans boys are likely to succeed in their case and that preventing them from using the correct bathroom while the case works its way through the court system could cause irreparable harm.

^Article date: August 2, 2023

^Article date: June 21, 2023

"A federal judge has ruled on the side of trans rights after a conservative group tried to overturn an Ohio school district’s anti-bullying policy.

The national conservative group Parents Defending Education (PDE) tried to get a preliminary injunction passed on the Olentangy Local School District’s prohibition on misgendering trans students. The policy includes students, teachers, and parents and it applies to out-of-school hours and social media as well."

^Article date: August 2, 2023

There's literally a bunch more I wanted to include, by the way! Tumblr just stopped being able to load them. Going back to add a few more in the reblogs now.

I know it feels like everything is against us right now. But I promise you: that is not true. The bigots and bastards may usually be the ones moving faster (in large part because they suck and don't care about democracy or due process at all),

But in the end, we are going to win. I promise.

Armed with a propensity for eugenics, gender anxiety, and a startling lack of scientific evidence, a small set of Nazi officials influenced the International Olympic Committee into gender surveillance and trans panic — stuff that eerily mirrors the transphobic attacks that athletes, cis and trans alike, face today.

Holy CRAP the UN Cybercrime Treaty is a nightmare

Support me this summer on the Clarion Write-A-Thon and help raise money for the Clarion Science Fiction and Fantasy Writers' Workshop!

If there's one thing I learned from all my years as an NGO delegate to UN specialized agencies, it's that UN treaties are dangerous, liable to capture by unholy alliances of authoritarian states and rapacious global capitalists.

Most of my UN work was on copyright and "paracopyright," and my track record was 2:0; I helped kill a terrible treaty (the WIPO Broadcast Treaty) and helped pass a great one (the Marrakesh Treaty on the rights of people with disabilities to access copyrighted works):

https://www.wipo.int/treaties/en/ip/marrakesh/

It's been many years since I had to shave and stuff myself into a suit and tie and go to Geneva, and I don't miss it – and thankfully, I have colleagues who do that work, better than I ever did. Yesterday, I heard from one such EFF colleague, Katitza Rodriguez, about the Cybercrime Treaty, which is about to pass, and which is, to put it mildly, terrifying:

https://www.eff.org/deeplinks/2024/07/un-cybercrime-draft-convention-dangerously-expands-state-surveillance-powers

Look, cybercrime is a real thing, from pig butchering to ransomware, and there's real, global harms that can be attributed to it. Cybercrime is transnational, making it hard for cops in any one jurisdiction to handle it. So there's a reason to think about formal international standards for fighting cybercrime.

But that's not what's in the Cybercrime Treaty.

Here's a quick sketch of the significant defects in the Cybercrime Treaty.

The treaty has an extremely loose definition of cybercrime, and that looseness is deliberate. In authoritarian states like China and Russia (whose delegations are the driving force behind this treaty), "cybercrime" has come to mean "anything the government disfavors, if you do it with a computer." "Cybercrime" can mean online criticism of the government, or professions of religious belief, or material supporting LGBTQ rights.

Nations that sign up to the Cybercrime Treaty will be obliged to help other nations fight "cybercrime" – however those nations define it. They'll be required to provide surveillance data – for example, by forcing online services within their borders to cough up their users' private data, or even to pressure employees to install back-doors in their systems for ongoing monitoring.

These obligations to aid in surveillance are mandatory, but much of the Cybercrime Treaty is optional. What's optional? The human rights safeguards. Member states "should" or "may" create standards for legality, necessity, proportionality, non-discrimination, and legitimate purpose. But even if they do, the treaty can oblige them to assist in surveillance orders that originate with other states that decided not to create these standards.

When that happens, the citizens of the affected states may never find out about it. There are eight articles in the treaty that establish obligations for indefinite secrecy regarding surveillance undertaken on behalf of other signatories. That means that your government may be asked to spy on you and the people you love, they may order employees of tech companies to backdoor your account and devices, and that fact will remain secret forever. Forget challenging these sneak-and-peek orders in court – you won't even know about them:

https://www.eff.org/deeplinks/2024/06/un-cybercrime-draft-convention-blank-check-unchecked-surveillance-abuses

Now here's the kicker: while this treaty creates broad powers to fight things governments dislike, simply by branding them "cybercrime," it actually undermines the fight against cybercrime itself. Most cybercrime involves exploiting security defects in devices and services – think of ransomware attacks – and the Cybercrime Treaty endangers the security researchers who point out these defects, creating grave criminal liability for the people we rely on to warn us when the tech vendors we rely upon have put us at risk.

This is the granddaddy of tech free speech fights. Since the paper tape days, researchers who discovered defects in critical systems have been intimidated, threatened, sued and even imprisoned for blowing the whistle. Tech giants insist that they should have a veto over who can publish true facts about the defects in their products, and dress up this demand as concern over security. "If you tell bad guys about the mistakes we made, they will exploit those bugs and harm our users. You should tell us about those bugs, sure, but only we can decide when it's the right time for our users and customers to find out about them."

When it comes to warnings about the defects in their own products, corporations have an irreconcilable conflict of interest. Time and again, we've seen corporations rationalize their way into suppressing or ignoring bug reports. Sometimes, they simply delay the warning until they've concluded a merger or secured a board vote on executive compensation.

Sometimes, they decide that a bug is really a feature – like when Facebook decided not to do anything about the fact that anyone could enumerate the full membership of any Facebook group (including, for example, members of a support group for people with cancer). This group enumeration bug was actually a part of the company's advertising targeting system, so they decided to let it stand, rather than re-engineer their surveillance advertising business.

The idea that users are safer when bugs are kept secret is called "security through obscurity" and no one believes in it – except corporate executives. As Bruce Schneier says, "Anyone can design a system that is so secure that they themselves can't break it. That doesn't mean it's secure – it just means that it's secure against people stupider than the system's designer":

The history of massive, brutal cybersecurity breaches is an unbroken string of heartbreakingly naive confidence in security through obscurity:

https://pluralistic.net/2023/02/05/battery-vampire/#drained

But despite this, the idea that some bugs should be kept secret and allowed to fester has powerful champions: a public-private partnership of corporate execs, government spy agencies and cyber-arms dealers. Agencies like the NSA and CIA have huge teams toiling away to discover defects in widely used products. These defects put the populations of their home countries in grave danger, but rather than reporting them, the spy agencies hoard these defects.

The spy agencies have an official doctrine defending this reckless practice: they call it "NOBUS," which stands for "No One But Us." As in: "No one but us is smart enough to find these bugs, so we can keep them secret and use them attack our adversaries, without worrying about those adversaries using them to attack the people we are sworn to protect."

NOBUS is empirically wrong. In the 2010s, we saw a string of leaked NSA and CIA cyberweapons. One of these, "Eternalblue" was incorporated into off-the-shelf ransomware, leading to the ransomware epidemic that rages even today. You can thank the NSA's decision to hoard – rather than disclose and patch – the Eternalblue exploit for the ransoming of cities like Baltimore, hospitals up and down the country, and an oil pipeline:

https://en.wikipedia.org/wiki/EternalBlue

The leak of these cyberweapons didn't just provide raw material for the world's cybercriminals, it also provided data for researchers. A study of CIA and NSA NOBUS defects found that there was a one-in-five chance of a bug that had been hoarded by a spy agency being independently discovered by a criminal, weaponized, and released into the wild.

Not every government has the wherewithal to staff its own defect-mining operation, but that's where the private sector steps in. Cyber-arms dealers like the NSO Group find or buy security defects in widely used products and services and turn them into products – military-grade cyberweapons that are used to attack human rights groups, opposition figures, and journalists:

https://pluralistic.net/2021/10/24/breaking-the-news/#kingdom

A good Cybercrime Treaty would recognize the perverse incentives that create the coalition to keep us from knowing which products we can trust and which ones we should avoid. It would shut down companies like the NSO Group, ban spy agencies from hoarding defects, and establish an absolute defense for security researchers who reveal true facts about defects.

Instead, the Cybercrime Treaty creates new obligations on signatories to help other countries' cops and courts silence and punish security researchers who make these true disclosures, ensuring that spies and criminals will know which products aren't safe to use, but we won't (until it's too late):

https://www.eff.org/deeplinks/2024/06/if-not-amended-states-must-reject-flawed-draft-un-cybercrime-convention

A Cybercrime Treaty is a good idea, and even this Cybercrime Treaty could be salvaged. The member-states have it in their power to accept proposed revisions that would protect human rights and security researchers, narrow the definition of "cybercrime," and mandate transparency. They could establish member states' powers to refuse illegitimate requests from other countries:

https://www.eff.org/press/releases/media-briefing-eff-partners-warn-un-member-states-are-poised-approve-dangerou

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/07/23/expanded-spying-powers/#in-russia-crime-cybers-you

Image: EFF https://www.eff.org/files/banner_library/cybercrime-2024-2b.jpg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/us/

a voteblue told me the other day that if I don't vote, my government "won't know I exist" and therefore won't know my grievances. I had to laugh because my governments at the state, federal, and local level have longstanding documented policies of surveilling my ethnic group! the government knows very well that I exist — from the moment I was born they identified me as their enemy, an "anchor baby" and "sleeper cell," a demographic threat and a national security threat. before I was old enough to form any opinion about my government they had already labeled me an enemy of the state. they know all about Arab grievances and have 0 interest in listening to us because they do not see us civilian constituents who they serve, they see us as hostile foreign others.

you have to get this through your head if you want to understand how Arabs in the so-called US move politically. we move with the understanding that this country is by default antagonistic and hostile towards us on the basis of our race, and to whatever extent we engage in electoral politics, we do so knowing that our government is fundamentally not on our side and getting our perspectives heard (much less empathized with) requires a lot of extra work beyond casting a vote. policies of surveilling Arabs are consistent across red and blue states and admins, and at every level of government (which is why I roll my eyes when I'm told to vote down-ballot — all the candidates at the local level hate me too!)

to give you a glimpse of how our relationship with our government actually works, here are some excerpts from a 2022 congressional testimony by Maya Berry (executive director of the Arab American Institute):

"The federal government has justified counterterrorism and other law enforcement practices in the name of national security for what is a seemingly endless 'war on terror.' In the process, the government has viewed specific communities, including Arab Americans and American Muslims, as a threat to national security and in so doing, has securitized their relationship. ... While not an attempt at a comprehensive list, the following are select examples of government and law-enforcement policies that have targeted Arab Americans (and in some cases, American Muslims and South Asian Americans) or viewed them through a securitized lens. .... In each of these cases, government or law-enforcement policies can be seen as facilitating discrimination rather than functioning as policies of a state actor obligated to safeguard and defend the rights of its citizens. In the wake of the killing of Israeli athletes in a terrorist attack at the 1972 Munich Olympics, the Nixon Administration created the surveillance program known as Operation Boulder. The program sought to silence Arab and Arab American voices within the United States through investigation, surveillance, and harassment. It 'specifically targeted Arabs with U.S. citizenship, resident aliens of Arab descent, non-Arab Americans sympathetic to Arab causes, as well as the relatives, neighbors, friends, and employers of Arab individuals.' Operation Boulder officially ended in 1975 after it was deemed 'not worth it' by law enforcement, though its demise would be announced in a major media outlet as 'A Plan to Screen Terrorists Ends.' In 1987, seven Palestinian men and a Kenyan woman were arrested in Los Angeles for distributing a magazine of the Popular Front for the Liberation of Palestine, an organization then considered an advocate for world communism. For the students, known as the 'L.A. 8,' this was a deportable offense under the McCarthy-era McCarran-Walter Act. In 1989, a federal judge declared the charges unconstitutional and, in 1990, Congress repealed the Act. However, two members of the L.A. 8 faced the continued threat of deportation for decades until the government finally ended their effort to deport them in 2007. ... The case of the L.A. 8 is well known among Arab Americans. First, it targeted pro-Palestinian activists and raised the question of whether Arab immigrants or Arab Americans who advocated for Palestinian human rights were indeed protected by the same constitutional rights to free speech and association. Further, in proceedings of the case, it was discovered that the DOJ had a plan for a detention camp called, 'Alien Terrorists and Undesirables: A Contingency Plan.' ... In 2004, it was learned through a Freedom of Information Act request that the Census Bureau had shared demographic data about Arab Americans with the Department of Homeland Security on at least two occasions, in 2002 and 2003. Without a Middle East and North Africa (MENA) category on the Census, it is well documented that Arab Americans are an undercounted community. Yet, DHS was provided with data showing cities with more than 1,000 Arab Americans and zip code-level data broken down by country of origin.

In 2011, the Associated Press published an investigative report on New York Police Department (NYPD) counterterrorism and surveillance programs that directly targeted Arab American Muslim businesses, mosques, and communities in New York and New Jersey in the immediate aftermath of 9/11. The revelations of the breadth and depth of the NYPD’s surveillance program were shocking, with use of widespread 'ethnic mapping,' and reporting on innocent people going about their daily routines. The NYPD’s spying program and others like it are not only unconstitutional, but are also ineffective and significantly harmful to the communities they infiltrate. Not a single lead on terrorist operations resulted from NYPD’s spying activities. In 2011, the Obama Administration released the 'Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States.' The plan was introduced as a domestic counterterrorism strategy and became the foundation for the federal government’s Countering Violent Extremism (CVE) programs. In 2016, DHS began the Interagency CVE Task Force, which essentially approached community outreach to American Muslim communities as part of counterterrorism programming. Beyond the serious issue of the lack of an evidence-based foundation for CVE, these programs sought to deputize local community members and organizations to surveil their own communities on behalf of the U.S. government.

In 2011, a series of reports by an investigative journalist exposed biased FBI counterterrorism training material. Characterizing American Muslims and Arab Americans as prone to violence, some of the material’s 'highlights' include statements that 'mainstream American Muslims are likely to be terrorist sympathizers,' comparisons between Islam and the Death Star from Star Wars, and assertions that the 'Arab mind' is 'swayed more by ideas than facts,' and that unlike the 'Western Mind' being 'even keel,' in the Arab world, ‘Outbursts and Loss of Control [is] Expected.'

... In 2021, the Biden Administration established the Center for Prevention Programs and Partnerships (CP3). While appearing to be an extension of the Obama Administration’s Countering Violent Extremism (CVE) programs, Biden Administration officials have distanced themselves from previous CVE efforts saying they have taken a new approach. However, like its predecessors, CP3 seems to rest on flawed concepts about 'radicalization' that perpetuate stereotypes of communities and undermine public trust in government."

the US government pays very close attention to us, and it's only to our detriment. invisibility is not the issue here, white supremacy is, and you can't vote white supremacy out of a nation built on it

A $2.5 million lawsuit alleges Ottawa police wiretapped and surveilled five of its own Black, Somali officers, hasn't told them why and accuses the service of being an institution "rife with racism and discrimination that over-polices the racialized communities it has pledged to protect."

The civil action was filed in the Ontario Superior Court of Justice by constables Liban Farah, Mohamed Islam, Abdullahi Ahmed, AhmedKhador Ali and Feisal Bila Houssein in 2023 against the Ottawa Police Services Board and three unnamed members of the Ottawa Police Service (OPS). In addition to the five officers, there are three civilian plaintiffs who are family members of two of the officers.

As first reported by CBC, the lawsuit alleges three wiretaps and a general warrant which included video surveillance were obtained "based on racist and stereotypical assumptions about Black persons of Somali origin." They don't know why the wiretap authorizations and general warrant were approved by a judge because they're sealed.

[...]

The Plaintiffs "believe that they were the subject of wiretaps for ulterior motives in breach of their Charter rights: retaliation for their complaints about racism within the OPS, their attempts to improve the OPS and stereotypes about their kinship and familial relationships," the lawsuit states.

Full article

Tagging: @allthecanadianpolitics

Natives. Truckers. Students. Who's next?

Alex Abad-Santos at Vox:

Despite being a time when people from all over the world come together in equality and peace, the Olympics are still uncertain territory for transgender athletes. There are no transgender athletes who are competing outside of the gender they were assigned at birth at this year’s Games. Transgender women who transitioned after puberty aren’t allowed to compete in major sports on a college level. Athletes Nikki Hiltz, a runner, and Hergie Bacyadan, a boxer, both identify as transgender (Hiltz also identifies as nonbinary), but both have always and continue to compete in the women’s division, which is the sex they were assigned at birth. Athletes who do not identify as trans, like Algerian boxer Imane Khelif, have also been scrutinized for their gender. Along with China’s Lin Yu-ting, Khelif is one of two women boxers who failed a “sex test” from the International Boxing Association last year. They have since been connected to discussions of sports and Differences of Sexual Development (DSD), a rare group of genetic and hormonal disorders allowed under International Olympic Committee guidelines. After Khelif’s Italian competitor Angela Carini conceded their match less than a minute into their bout, many have weighed in, including Elon Musk and J.K. Rowling.

Outside of the Games, trans people face so much backlash, often for simply existing. The conversation around sports is particularly fraught, from children’s athletics right up through the pros. Despite the International Olympic Committee vowing to be more inclusive, the future for trans athletes is unclear. It all raises the question: How did we get to this point, and did it always have to be this way? The answers found in historian and journalist Michael Waters’s The Other Olympians: Fascism, Queerness, and the Making of Modern Sports might be surprising. Waters’s book traces the emergence of Zdeněk Koubek, a track and field star representing the country formerly known as Czechoslovakia who, at 21, won two medals — a gold in the 800m and a bronze in the long jump — at the 1934 Women’s World Games. (The Women’s World Games was the precursor to women competing at the Olympics). In 1935, Koubek announced that he would be living life as a man and swiftly became an international celebrity.

Perhaps the most intriguing facet to Koubek’s story was in the public response. Koubek was more welcomed and celebrated than we might imagine. There was an open-mindedness and empathy to the reception of Koubek and his gender identity and expression in the 1930s. Waters also pinpoints where and when that changed, specifically at the 1936 Olympics in Nazi Germany. Armed with a propensity for eugenics, gender anxiety, and a startling lack of scientific evidence, a small set of Nazi officials influenced the International Olympic Committee into gender surveillance and trans panic — stuff that eerily mirrors the transphobic attacks that athletes, cis and trans alike, face today.

Anti-trans discrimination in the Olympics stretches as far back as the infamous 1936 games in Berlin.

I often wonder if I would feel differently about The Staircase Scene if I had seen SAF when it first came out in 2016. The first time I saw it was probably around October or November of 2023, and like... the context is different now.

Whatever we want to say about the personal story arcs of these characters (and I know I'm in a tiny minority because, for me, killing Owen does not constitute a satisfying close to Curt's arc, that's totally fine), there is the very real issue of the sociopolitical context that this scene takes place within- both in their time (1961) and in ours.

One very cool thing about SAF is that, in order to understand these characters better, a lot of younger queer folks end up learning about the Lavender Scare, about Executive Order 10450- which officially prohibited gay people from working for the US government- for the first time. That's an incredible, precious thing to me. Yay queer history! It's important!

The show itself never addresses the fact that both the US and UK governments had very public, very brutal campaigns equating homosexuality with communism with being a traitor to your country. But if you want to understand these characters, and especially write fanfiction, you're really incentivized to teach yourself some fundamentally important aspects of queer history.

In the 54 Below concert, before singing Not So Bad, Brian Rosenthal talks about how when they were developing the show they thought N@zis were more or less a thing of the past, that they're fully aware of how differently that song might be taken now after an escalation into a more open embrace of fascism in the US. And they're absolutely right about that.

But I think that's also perhaps an issue with the staircase scene, or at least it is for me. Obviously homophobia and transphobia were not "fixed" in 2016, they were still massive problems resulting in violence and discrimination and brutality. But institutionally, at least, you could look at the situation and point to some things that were gradually getting better.

In 2016 trans youth in my state were legally allowed to receive gender affirming care. In 2024, they are not. It's not that homophobia and transphobia went away and then came back, but there was a very real resurgence of the use of the media and of governmental power to inflict pain on queer & trans people and chase them out of public life- bathroom bans, gender affirming care bans, Don't Say Gay laws, trying to make drag illegal, equating queer and trans people with pedophilia. There has been a big cultural shift back towards the same kind of violent governmental moral panic that our beloved Curt & Owen would have lived under.

Whatever we want to say about these characters and this story (and there's tons of fascinating debate there), there is still the base of a gay man killing his ex-lover ostensibly to protect US foreign policy objectives. Killing the man he loves- or loved, at least- to protect the secret that he is gay. And that hits different for me now.

I watch that scene and it is heartbreaking on a personal level, but its also heartbreaking as a queer person who just wants to scream "your government will destroy you for being gay, you don't owe them shit!"

Owen tries to explain that the surveillance network is happening, that the future won't wait for Curt to catch up. Barb has been saying she's working on the same thing for the US government the entire show, but Curt just kept ignoring her. And I just want to say "Curt, honey, what do you think your government is going to do to you with that surveillance system? Do you think you're useful enough to keep around even though you have sex with men? Because I promise you they will not care."

It feels tragic to me because on some level it seems like Curt would actually be safer with another gay man having control of all the world's secrets than he will be if the government he has dedicated his life to gets their hands on that same technology.

And the thing is, having a tragic ending doesn't make the show bad. This show is great. This scene is spectacular. It makes you think, it makes you feel things, it does all the stuff that great art is supposed to do. Absolutely none of what I'm saying here is meant to denigrate the show as a musical or a story or even a queer story. I hope it doesn't come off as me saying "actually this show is bad," because I don't feel that way at all.

Clearly I live and breathe this show. That's why I spend all my time on here analyzing every scene, every frame, every facial expression. I love this show so much that I can't help but deconstruct it and look at all its component parts- including the sociopolitical context both now and in 1961. Because that context, despite never being explicitly mentioned, is important to our understanding of these characters.

I love these characters so much that it's actually pretty difficult for me to watch A2P7 anymore, because the staircase scene is so emotionally devastating to me that it's hard to try to swing back into that more comedic tone (even though Spy Dance is a certified bop).

I'm not even sure what my point is with all of this, other than to say that Spies Are Forever is a show that is great and fun and funny as written/performed, and becomes gradually more emotionally devastating when you rewatch it or when you understand the subtext of it. When you can engage with the themes of gender and sexuality, surveillance and technology, trauma and trust, and tease out even more satisfying theories around this show.

So yeah. It's a musical. It's about spies.

Determined to use her skills to fight inequality, South African computer scientist Raesetje Sefala set to work to build algorithms flagging poverty hotspots - developing datasets she hopes will help target aid, new housing, or clinics.

From crop analysis to medical diagnostics, artificial intelligence (AI) is already used in essential tasks worldwide, but Sefala and a growing number of fellow African developers are pioneering it to tackle their continent's particular challenges.

Local knowledge is vital for designing AI-driven solutions that work, Sefala said.

"If you don't have people with diverse experiences doing the research, it's easy to interpret the data in ways that will marginalise others," the 26-year old said from her home in Johannesburg.

Africa is the world's youngest and fastest-growing continent, and tech experts say young, home-grown AI developers have a vital role to play in designing applications to address local problems.

"For Africa to get out of poverty, it will take innovation and this can be revolutionary, because it's Africans doing things for Africa on their own," said Cina Lawson, Togo's minister of digital economy and transformation.

"We need to use cutting-edge solutions to our problems, because you don't solve problems in 2022 using methods of 20 years ago," Lawson told the Thomson Reuters Foundation in a video interview from the West African country.

Digital rights groups warn about AI's use in surveillance and the risk of discrimination, but Sefala said it can also be used to "serve the people behind the data points". ...

'Delivering Health'

As COVID-19 spread around the world in early 2020, government officials in Togo realized urgent action was needed to support informal workers who account for about 80% of the country's workforce, Lawson said.

"If you decide that everybody stays home, it means that this particular person isn't going to eat that day, it's as simple as that," she said.

In 10 days, the government built a mobile payment platform - called Novissi - to distribute cash to the vulnerable.

The government paired up with Innovations for Poverty Action (IPA) think tank and the University of California, Berkeley, to build a poverty map of Togo using satellite imagery.

Using algorithms with the support of GiveDirectly, a nonprofit that uses AI to distribute cash transfers, the recipients earning less than $1.25 per day and living in the poorest districts were identified for a direct cash transfer.

"We texted them saying if you need financial help, please register," Lawson said, adding that beneficiaries' consent and data privacy had been prioritized.

The entire program reached 920,000 beneficiaries in need.

"Machine learning has the advantage of reaching so many people in a very short time and delivering help when people need it most," said Caroline Teti, a Kenya-based GiveDirectly director.

'Zero Representation'

Aiming to boost discussion about AI in Africa, computer scientists Benjamin Rosman and Ulrich Paquet co-founded the Deep Learning Indaba - a week-long gathering that started in South Africa - together with other colleagues in 2017.

"You used to get to the top AI conferences and there was zero representation from Africa, both in terms of papers and people, so we're all about finding cost effective ways to build a community," Paquet said in a video call.

In 2019, 27 smaller Indabas - called IndabaX - were rolled out across the continent, with some events hosting as many as 300 participants.

One of these offshoots was IndabaX Uganda, where founder Bruno Ssekiwere said participants shared information on using AI for social issues such as improving agriculture and treating malaria.

Another outcome from the South African Indaba was Masakhane - an organization that uses open-source, machine learning to translate African languages not typically found in online programs such as Google Translate.

On their site, the founders speak about the South African philosophy of "Ubuntu" - a term generally meaning "humanity" - as part of their organization's values.

"This philosophy calls for collaboration and participation and community," reads their site, a philosophy that Ssekiwere, Paquet, and Rosman said has now become the driving value for AI research in Africa.

Inclusion

Now that Sefala has built a dataset of South Africa's suburbs and townships, she plans to collaborate with domain experts and communities to refine it, deepen inequality research and improve the algorithms.

"Making datasets easily available opens the door for new mechanisms and techniques for policy-making around desegregation, housing, and access to economic opportunity," she said.

African AI leaders say building more complete datasets will also help tackle biases baked into algorithms.

"Imagine rolling out Novissi in Benin, Burkina Faso, Ghana, Ivory Coast ... then the algorithm will be trained with understanding poverty in West Africa," Lawson said.

"If there are ever ways to fight bias in tech, it's by increasing diverse datasets ... we need to contribute more," she said.

But contributing more will require increased funding for African projects and wider access to computer science education and technology in general, Sefala said.

Despite such obstacles, Lawson said "technology will be Africa's savior".

"Let's use what is cutting edge and apply it straight away or as a continent we will never get out of poverty," she said. "It's really as simple as that."

-via Good Good Good, February 16, 2022