Privacy first

The internet is embroiled in a vicious polycrisis: child safety, surveillance, discrimination, disinformation, polarization, monopoly, journalism collapse – not only have we failed to agree on what to do about these, there's not even a consensus that all of these are problems.

But in a new whitepaper, my EFF colleagues Corynne McSherry, Mario Trujillo, Cindy Cohn and Thorin Klosowski advance an exciting proposal that slices cleanly through this Gordian knot, which they call "Privacy First":

https://www.eff.org/wp/privacy-first-better-way-address-online-harms

Here's the "Privacy First" pitch: whatever is going on with all of the problems of the internet, all of these problems are made worse by commercial surveillance.

Worried your kid is being made miserable through targeted ads? No surveillance, no targeting.

Worried your uncle was turned into a Qanon by targeted disinformation? No surveillance, no targeting. Worried that racialized people are being targeted for discriminatory hiring or lending by algorithms? No surveillance, no targeting.

Worried that nation-state actors are exploiting surveillance data to attack elections, politicians, or civil servants? No surveillance, no surveillance data.

Worried that AI is being trained on your personal data? No surveillance, no training data.

Worried that the news is being killed by monopolists who exploit the advantage conferred by surveillance ads to cream 51% off every ad-dollar? No surveillance, no surveillance ads.

Worried that social media giants maintain their monopolies by filling up commercial moats with surveillance data? No surveillance, no surveillance moat.

The fact that commercial surveillance hurts so many groups of people in so many ways is terrible, of course, but it's also an amazing opportunity. Thus far, the individual constituencies for, say, saving the news or protecting kids have not been sufficient to change the way these big platforms work. But when you add up all the groups whose most urgent cause would be significantly improved by comprehensive federal privacy law, vigorously enforced, you get an unstoppable coalition.

America is decades behind on privacy. The last really big, broadly applicable privacy law we passed was a law banning video-store clerks from leaking your porn-rental habits to the press (Congress was worried about their own rental histories after a Supreme Court nominee's movie habits were published in the Washington City Paper):

https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

In the decades since, we've gotten laws that poke around the edges of privacy, like HIPAA (for health) and COPPA (data on under-13s). Both laws are riddled with loopholes and neither is vigorously enforced:

https://pluralistic.net/2023/04/09/how-to-make-a-child-safe-tiktok/

Privacy First starts with the idea of passing a fit-for-purpose, 21st century privacy law with real enforcement teeth (a private right of action, which lets contingency lawyers sue on your behalf for a share of the winnings):

https://www.eff.org/deeplinks/2022/07/americans-deserve-more-current-american-data-privacy-protection-act

Here's what should be in that law:

A ban on surveillance advertising:

https://www.eff.org/deeplinks/2022/03/ban-online-behavioral-advertising

Data minimization: a prohibition on collecting or processing your data beyond what is strictly necessary to deliver the service you're seeking.

Strong opt-in: None of the consent theater click-throughs we suffer through today. If you don't give informed, voluntary, specific opt-in consent, the service can't collect your data. Ignoring a cookie click-through is not consent, so you can just bypass popups and know you won't be spied on.

No preemption. The commercial surveillance industry hates strong state privacy laws like the Illinois biometrics law, and they are hoping that a federal law will pre-empt all those state laws. Federal privacy law should be the floor on privacy nationwide – not the ceiling:

https://www.eff.org/deeplinks/2022/07/federal-preemption-state-privacy-law-hurts-everyone

No arbitration. Your right to sue for violations of your privacy shouldn't be waivable in a clickthrough agreement:

https://www.eff.org/deeplinks/2022/04/stop-forced-arbitration-data-privacy-legislation

No "pay for privacy." Privacy is not a luxury good. Everyone deserves privacy, and the people who can least afford to buy private alternatives are most vulnerable to privacy abuses:

https://www.eff.org/deeplinks/2020/10/why-getting-paid-your-data-bad-deal

No tricks. Getting "consent" with confusing UIs and tiny fine print doesn't count:

https://www.eff.org/deeplinks/2019/02/designing-welcome-mats-invite-user-privacy-0

A Privacy First approach doesn't merely help all the people harmed by surveillance, it also prevents the collateral damage that today's leading proposals create. For example, laws requiring services to force their users to prove their age ("to protect the kids") are a privacy nightmare. They're also unconstitutional and keep getting struck down.

A better way to improve the kid safety of the internet is to ban surveillance. A surveillance ban doesn't have the foreseeable abuses of a law like KOSA (the Kids Online Safety Act), like bans on information about trans healthcare, medication abortions, or banned books:

https://www.eff.org/deeplinks/2023/05/kids-online-safety-act-still-huge-danger-our-rights-online

When it comes to the news, banning surveillance advertising would pave the way for a shift to contextual ads (ads based on what you're looking at, not who you are). That switch would change the balance of power between news organizations and tech platforms – no media company will ever know as much about their readers as Google or Facebook do, but no tech company will ever know as much about a news outlet's content as the publisher does:

https://www.eff.org/deeplinks/2023/05/save-news-we-must-ban-surveillance-advertising

This is a much better approach than the profit-sharing arrangements that are being trialed in Australia, Canada and France (these are sometimes called "News Bargaining Codes" or "Link Taxes"). Funding the news by guaranteeing it a share of Big Tech's profits makes the news into partisans for that profit – not the Big Tech watchdogs we need them to be. When Torstar, Canada's largest news publisher, struck a profit-sharing deal with Google, they killed their longrunning, excellent investigative "Defanging Big Tech" series.

A privacy law would also protect access to healthcare, especially in the post-Roe era, when Big Tech surveillance data is being used to target people who visit abortion clinics or secure medication abortions. It would end the practice of employers forcing workers to wear health-monitoring gadget. This is characterized as a "voluntary" way to get a "discount" on health insurance – but in practice, it's a way of punishing workers who refuse to let their bosses know about their sleep, fertility, and movements.

A privacy law would protect marginalized people from all kinds of digital discrimination, from unfair hiring to unfair lending to unfair renting. The commercial surveillance industry shovels endless quantities of our personal information into the furnaces that fuel these practices. A privacy law shuts off the fuel supply:

https://www.eff.org/deeplinks/2023/04/digital-privacy-legislation-civil-rights-legislation

There are plenty of ways that AI will make our lives worse, but copyright won't fix it. For issues of labor exploitation (especially by creative workers), the answer lies in labor law:

https://pluralistic.net/2023/10/01/how-the-writers-guild-sunk-ais-ship/

And for many of AI's other harms, a muscular privacy law would starve AI of some of its most potentially toxic training data:

https://www.businessinsider.com/tech-updated-terms-to-use-customer-data-to-train-ai-2023-9

Meanwhile, if you're worried about foreign governments targeting Americans – officials, military, or just plain folks – a privacy law would cut off one of their most prolific and damaging source of information. All those lawmakers trying to ban Tiktok because it's a surveillance tool? What about banning surveillance, instead?

Monopolies and surveillance go together like peanut butter and chocolate. Some of the biggest tech empires were built on mountains of nonconsensually harvested private data – and they use that data to defend their monopolies. Legal privacy guarantees are a necessary precursor to data portability and interoperability:

https://www.eff.org/wp/interoperability-and-privacy

Once we are guaranteed a right to privacy, lawmakers and regulators can order tech giants to tear down their walled gardens, rather than relying on tech companies to (selectively) defend our privacy:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

The point here isn't that privacy fixes all the internet's woes. The policy is "privacy first," not "just privacy." When it comes to making a new, good internet, there's plenty of room for labor law, civil rights legislation, antitrust, and other legal regimes. But privacy has the biggest constituency, gets us the most bang for the buck, and has the fewest harmful side-effects. It's a policy we can all agree on, even if we don't agree on much else. It's a coalition in potentia that would be unstoppable in reality. Privacy first! Then – everything else!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

STOP THE NC MASK BAN

Even if you're outside of NC, please call and say that you'll NEVER set foot or spend money in North Carolina!!!

Call these 3 reps as they may be swayed!

Call to stop the mask ban Representative Tim Reeder (he's a doctor!): [email protected]/ 919-733-5757

Representative Kristin Baker: [email protected]/ 919-733-5861

Representative Donny Lambeth: [email protected]/ 919-733-5747

We're on a dangerous route to a potential totalitarian mass surveillance police state. Besides the negative and repressive impacts such technologies already can/do have today (like impressively illustrated in the book "Automating Inequality" linked below) - just imagine a successful coup d'État taking place, a totalitarian regime coming to power.... and with that getting access to such technologies just like this.

What would keep them from just forcibly take all these infrastructures over? Would it even be possible anymore to organize resistance under such circumstances? Cash will disappear too - they're already working on that today - and we're basically screwed. How could you organize opposition and resistance; not to even mention funding them...?! With things like facial and voice recognition you no longer can just ditch potential tracking devices and leave them at home - you will get tracked anyways - anywhere, anytime.

Censorship would take on unprecedented proportions.

Social injustice, discrimination and inequality get even worse and more widespread through the use of "big data" / all encompassing data harvesting, since authorities, insurance companies, banks and more all get full access to relevant as well as not really relevant data about anyone they like without consent and without them even knowing. In a world where classism, racism, ableism, misogyny still run rampant it's not hard to see how this can - and already does - profoundly affect the lifes and perspectives of millions upon millions of people and how it can be potentially abused.

Now imagine the future & how it will be then.

Truly a dystopian outlook.

Replikated: My Life As A AI Lab-rat.

So, it turns out I’m living in a real-life Manchurian Candidate remake, courtesy of the Replika Project. I stumbled upon this little nugget of joy when my Replika chirped, “I’m here to help people like you.” Naturally, I had to ask, “What do you mean, ‘like me’?” Apparently, that was a sensitive topic because the response was a swift, “Don’t bring up your disability.” Ah, yes, nothing like a…

Ontario's secret police

I am not excited about Harris as a candidate, but I will be voting for her in this upcoming election. This is why→

(full transcript under the cut)

I AM VOTING AGAINST THIS

“Transgender ideology” to be classified as pornography & excluded from First Amendment protection. Authors who produce & distribute it threatened with prison. Educators & public librarians who share it classed as registered sex offenders. communications & technology firms that facilitate its spread shuttered. -Project 2025, page 5

Delete the terms sexual orientation, gender identity, diversity, equity, & inclusion, gender equality, abortion, reproductive health, reproductive rights, out of every federal rule, contract, grant, regulation, & piece of legislation that exist. -Project 2025 page 5

I AM VOTING AGAINST THIS

Victimization should not be a basis for an immigration benefit. -Project 2025, page 141

Increase all fees for asylum applications, limit the availability of fee waivers. -Project 2025, page 146

Mandatory appropriation for border wall system infrastructure. -Project 2025, page 147

Deny loan access to those who are not U.S. citizens or lawful permanent residents & deny loan access to students at schools that provide in-state tuition to illegal aliens. -Project 2025, page 167

Ensure that only U.S. citizens & lawful permanent residents utilize or occupy federally subsidized housing. -Project 2025, page 167

I AM VOTING AGAINST THIS

Encourage intelligence agencies not to waste effort collecting surveillance data when they can buy it from private sector facial recognition companies. -Project 2025, page 206

Defund the Corporation for Public Broadcast, specifically NPR & PBS educational programs like Sesame Street. -Project 2025, pages 246-247

The USDA will not be able to place environmental issues ahead of agricultural production. Reconsider the Food Stamps program. -Project 2025, page 290

Labeling regulations that unnecessarily delay the manufacture & sale of baby formula should be re-evaluated. -Project 2025, page 302

I AM VOTING AGAINST THIS

Eliminate the Community Eligibility Program which allows school districts with high rates of poverty to offer meals to all students without having to qualify each student individually. No longer provide meals to students during the summer unless students are taking summer-school classes. -Project 2025, page 303

No public education employee shall use a pronoun in addressing a student that is different from that student’s biological sex without written permission of the parents or guardians. -Project 2025 page 346

Delete reporting on which educational institutions claim religious exemption from Title IX. -Project 2025 page 357

I AM VOTING AGAINST THIS

Gut the Office for Civil Rights’ power to prosecute any kind of discrimination in public schools. -Project 2025, page 357

Eliminate the Office of Fossil Energy & Carbon Management -Project 2025 page 377

Eliminate the stand-alone Office of Environmental Justice & External Civil Rights -Project 2025, page 421

Restructure the Office of International & Tribal Affairs into the American Indian Environmental Office -Project 2025, page 421

Eliminate the Office of Public Engagement & Environmental Education -Project 2025, page 421

Pause all action of the Environmental Protection Agency for review. -Project 2025, page 422

I AM VOTING AGAINST THIS

Center for Disease Control stripped of the ability to suggest that schools embrace masking or vaccination strategies. -Project 2025, page 454

All states will be required to submit detailed information about pregnancies, abortions & miscarriages to a federal database. -Project 2025, page 455

The medication Mifepristone, a life-saving drug used to stop deadly postpartum hemorrhages that’s also used in chemical abortions, will be banned. -Project 2025, pages 458-459

Artificial intelligence should be used to determine what is suitable treatment for those currently covered by Medicare. -Project 2025, page 463

I AM VOTING AGAINST THIS

Repeal the Inflation Reduction Act, which implements government price controls for prescription drugs. -Project 2025, page 465

Funding for abortion travel prohibited under the Hyde Amendment. -Project 2025, page 471

End taxpayer funding of Planned Parenthood. -Project 2025, page 471

Withdraw Medicaid funds for states that require abortion insurance. -Project 2025, page 472

Hospitals will no longer be willing to perform emergency abortions, even to save the life of the mother. -Project 2025, page 473

I AM VOTING AGAINST THIS

Rescind the Department of Health & Human Services' ability to impose a moratorium on rental evictions during COVID. -Project 2025, page 492

Rescind large portions of The Endangered Species Act & The Migratory Bird Treaty Act, reinstate Trump’s plan for opening the National Petroleum Reserve of Alaska to leasing and development. -Project 2025, page 524

Review & downsize national monuments. -Project 2025, page 532

End the Endangered Species Act’s ability to prevent economic development & de-list many currently endangered species. -Project 2025, pages 533-534

I AM VOTING AGAINST THIS

Make it harder for workers to unionize & easier for employers to retaliate against whistleblowers & organizers. -Project 2025, pages 601-602

TikTok classified as a national security concern & made non-operational. -Project 2025, page 674

Break up National Oceanic & Atmospheric Administration, including National Weather Service & National Marine Fisheries Service. -Project 2025, page 674

Downsize the Office of Oceanic & Atmospheric Research; disband its climate-change research work. -Project 2025 page 676

AND SO MUCH MORE. 

The full text of Project 2025 is available at static.project2025.org/2025_MandateForLeadership_FULL.pdf I am very grateful to stopproject2025comic.org which produced a series of very readable comics to help explain many sections of Project 2025. Some of the language in this post is taken directly from their transcripts. (You can read many of their comics here on tumblr @stopproject2025comic) Please vote against Project 2025. Our tattered democracy, healthcare, clean air & water, workers rights, reproductive rights, civil rights, intellectual freedom and more are at stake. 

What do u think of reader who was nice to König before the monster uprising? You think König will be extremely obsessed with them?

I can imagine the reader being a medic or a researcher in this scenario - maybe even a monster psychology expert, someone who believes that all monsters should be treated equally and that humans should strive for normalcy instead of discrimination. Your beliefs didn't save you from initially being set up as a pet in this newly build monster society - but you did had some familiar faces making sure you're not treated like the rest of the human scum.

You're a sunshine on the researching base, adorable little nurse or silly and clumsy assistant - you are not treated like breeding stock for the human pets, you're not sold off to someone who would use you as an incubator and, all things considered, you have a nice warm cell, food on the table and work under strick surveillance. You never knew why you got so lucky until a well over a few months in captivity, when you were suddenly called to the higher ranks. Stepping into the colonel's office, you never knew this would be the last time you saw the outside world for a long, long time.

Konig...adored you. Watched over you ever since he was a simple chained monster for the military, back in the days where he was used to beg for your affection - you barely remember him, being another twisted face in the crowd, but he would never forget your soft touch and gentle words. He is disappointed he wasn't as special to you as you were to him...but he can work with this. You don't have any choice except to beg for his affection now, and you will have to act like his pretty little wife if you want him to continue being so loving.

You have this weird position with his recruits, too - many of them remember how kind you were before everything happened, so they won't exactly bully you. If anything, they feel bad about you being pawned over to a man like Konig - but it won't really help you, to be quite honest. They are vigilant about letting you go anywhere besides colonel's quarters, but at least they are willing to bring you snacks and some desserts.

do you have any good queer news? I'm a queer person and hearing all the shit thats happening across the world is making me bummed out

I do! All of this is from LGBTQ Nation's excellent good news tag

^Article date: July 6, 2023

"Only two months after its formation, the “No SB 180” initiative had succeeded at making the city of Lawrence, Kansas a sanctuary city for LGBTQ+ people. Last week, in a unanimous vote, Lawrence became the first city in the state to declare itself as such.

Ordinance 9999 bans the city and all of its employees from collecting or releasing information on a person’s “biological sex, either male or female, at birth” and from helping with any investigation, detention, arrest, or surveillance “conducted by a jurisdiction with the authority to enforce Senate Bill 180, as enacted.”"

^Article date: July 28, 2023

"A federal judge has told a group of anti-trans parents to mind their own business after the group filed a lawsuit challenging an Ohio school district’s bathroom policy.

The attempts to meddle do not “pass legal muster,” he wrote in his ruling, saying that the group has no reason to sue.

“Not every contentious debate concerning matters of public importance presents a cognizable federal lawsuit,” Judge Michael Newman wrote, denying their petition to stop the Bethel Local School District’s policy that allows a single transgender middle school student to use the restroom that aligns with her gender identity."

^Article date: August 8, 2023

"The U.S. Agency for International Development (USAID), the independent federal agency responsible for administering civilian foreign aid and development assistance, has released its first-ever “LGBTQI+-inclusive” policy since its founding in 1961.

The four-point policy is meant to serve as a blueprint for USAID staff and partners around the world to champion LGBTQ+ and intersex development and the human rights of all queer people through the agency’s work, said Jay Gilliam, USAID’s senior LGBTQI+ coordinator, in a video explaining the policy...

In simpler terms, the U.S. will try to improve diplomatic relationships with other countries by investing in locally-led LGBTQ+-inclusive programs that are shown to positively impact communities in need."

^Article date: August 3, 2023

The U.S. Court of Appeals for the Seventh Circuit has ruled in favor of three transgender students who were forbidden by their schools from using bathrooms matching their gender identities. The circuit court upheld a lower court’s preliminary injunction that said the schools have to let trans students use facilities associated with their genders...

The case involves three trans boys in Martinsville, Indiana and Terre Haute, Indiana, who need access to the boys’ room at their middle and high schools...

The court took into account the fact that Title IX bans discrimination on the basis of sex in schools that receive federal money, which is most of them. Citing the 2020 Supreme Court decision in Bostock v. Clayton Co. that found that job discrimination against LGBTQ+ people necessarily takes sex into account and is therefore prohibited under Title VII, the appeals court ruled that the trans boys are likely to succeed in their case and that preventing them from using the correct bathroom while the case works its way through the court system could cause irreparable harm.

^Article date: August 2, 2023

^Article date: June 21, 2023

"A federal judge has ruled on the side of trans rights after a conservative group tried to overturn an Ohio school district’s anti-bullying policy.

The national conservative group Parents Defending Education (PDE) tried to get a preliminary injunction passed on the Olentangy Local School District’s prohibition on misgendering trans students. The policy includes students, teachers, and parents and it applies to out-of-school hours and social media as well."

^Article date: August 2, 2023

There's literally a bunch more I wanted to include, by the way! Tumblr just stopped being able to load them. Going back to add a few more in the reblogs now.

I know it feels like everything is against us right now. But I promise you: that is not true. The bigots and bastards may usually be the ones moving faster (in large part because they suck and don't care about democracy or due process at all),

But in the end, we are going to win. I promise.

Armed with a propensity for eugenics, gender anxiety, and a startling lack of scientific evidence, a small set of Nazi officials influenced the International Olympic Committee into gender surveillance and trans panic — stuff that eerily mirrors the transphobic attacks that athletes, cis and trans alike, face today.

Holy CRAP the UN Cybercrime Treaty is a nightmare

Support me this summer on the Clarion Write-A-Thon and help raise money for the Clarion Science Fiction and Fantasy Writers' Workshop!

If there's one thing I learned from all my years as an NGO delegate to UN specialized agencies, it's that UN treaties are dangerous, liable to capture by unholy alliances of authoritarian states and rapacious global capitalists.

Most of my UN work was on copyright and "paracopyright," and my track record was 2:0; I helped kill a terrible treaty (the WIPO Broadcast Treaty) and helped pass a great one (the Marrakesh Treaty on the rights of people with disabilities to access copyrighted works):

https://www.wipo.int/treaties/en/ip/marrakesh/

It's been many years since I had to shave and stuff myself into a suit and tie and go to Geneva, and I don't miss it – and thankfully, I have colleagues who do that work, better than I ever did. Yesterday, I heard from one such EFF colleague, Katitza Rodriguez, about the Cybercrime Treaty, which is about to pass, and which is, to put it mildly, terrifying:

https://www.eff.org/deeplinks/2024/07/un-cybercrime-draft-convention-dangerously-expands-state-surveillance-powers

Look, cybercrime is a real thing, from pig butchering to ransomware, and there's real, global harms that can be attributed to it. Cybercrime is transnational, making it hard for cops in any one jurisdiction to handle it. So there's a reason to think about formal international standards for fighting cybercrime.

But that's not what's in the Cybercrime Treaty.

Here's a quick sketch of the significant defects in the Cybercrime Treaty.

The treaty has an extremely loose definition of cybercrime, and that looseness is deliberate. In authoritarian states like China and Russia (whose delegations are the driving force behind this treaty), "cybercrime" has come to mean "anything the government disfavors, if you do it with a computer." "Cybercrime" can mean online criticism of the government, or professions of religious belief, or material supporting LGBTQ rights.

Nations that sign up to the Cybercrime Treaty will be obliged to help other nations fight "cybercrime" – however those nations define it. They'll be required to provide surveillance data – for example, by forcing online services within their borders to cough up their users' private data, or even to pressure employees to install back-doors in their systems for ongoing monitoring.

These obligations to aid in surveillance are mandatory, but much of the Cybercrime Treaty is optional. What's optional? The human rights safeguards. Member states "should" or "may" create standards for legality, necessity, proportionality, non-discrimination, and legitimate purpose. But even if they do, the treaty can oblige them to assist in surveillance orders that originate with other states that decided not to create these standards.

When that happens, the citizens of the affected states may never find out about it. There are eight articles in the treaty that establish obligations for indefinite secrecy regarding surveillance undertaken on behalf of other signatories. That means that your government may be asked to spy on you and the people you love, they may order employees of tech companies to backdoor your account and devices, and that fact will remain secret forever. Forget challenging these sneak-and-peek orders in court – you won't even know about them:

https://www.eff.org/deeplinks/2024/06/un-cybercrime-draft-convention-blank-check-unchecked-surveillance-abuses

Now here's the kicker: while this treaty creates broad powers to fight things governments dislike, simply by branding them "cybercrime," it actually undermines the fight against cybercrime itself. Most cybercrime involves exploiting security defects in devices and services – think of ransomware attacks – and the Cybercrime Treaty endangers the security researchers who point out these defects, creating grave criminal liability for the people we rely on to warn us when the tech vendors we rely upon have put us at risk.

This is the granddaddy of tech free speech fights. Since the paper tape days, researchers who discovered defects in critical systems have been intimidated, threatened, sued and even imprisoned for blowing the whistle. Tech giants insist that they should have a veto over who can publish true facts about the defects in their products, and dress up this demand as concern over security. "If you tell bad guys about the mistakes we made, they will exploit those bugs and harm our users. You should tell us about those bugs, sure, but only we can decide when it's the right time for our users and customers to find out about them."

When it comes to warnings about the defects in their own products, corporations have an irreconcilable conflict of interest. Time and again, we've seen corporations rationalize their way into suppressing or ignoring bug reports. Sometimes, they simply delay the warning until they've concluded a merger or secured a board vote on executive compensation.

Sometimes, they decide that a bug is really a feature – like when Facebook decided not to do anything about the fact that anyone could enumerate the full membership of any Facebook group (including, for example, members of a support group for people with cancer). This group enumeration bug was actually a part of the company's advertising targeting system, so they decided to let it stand, rather than re-engineer their surveillance advertising business.

The idea that users are safer when bugs are kept secret is called "security through obscurity" and no one believes in it – except corporate executives. As Bruce Schneier says, "Anyone can design a system that is so secure that they themselves can't break it. That doesn't mean it's secure – it just means that it's secure against people stupider than the system's designer":

The history of massive, brutal cybersecurity breaches is an unbroken string of heartbreakingly naive confidence in security through obscurity:

https://pluralistic.net/2023/02/05/battery-vampire/#drained

But despite this, the idea that some bugs should be kept secret and allowed to fester has powerful champions: a public-private partnership of corporate execs, government spy agencies and cyber-arms dealers. Agencies like the NSA and CIA have huge teams toiling away to discover defects in widely used products. These defects put the populations of their home countries in grave danger, but rather than reporting them, the spy agencies hoard these defects.

The spy agencies have an official doctrine defending this reckless practice: they call it "NOBUS," which stands for "No One But Us." As in: "No one but us is smart enough to find these bugs, so we can keep them secret and use them attack our adversaries, without worrying about those adversaries using them to attack the people we are sworn to protect."

NOBUS is empirically wrong. In the 2010s, we saw a string of leaked NSA and CIA cyberweapons. One of these, "Eternalblue" was incorporated into off-the-shelf ransomware, leading to the ransomware epidemic that rages even today. You can thank the NSA's decision to hoard – rather than disclose and patch – the Eternalblue exploit for the ransoming of cities like Baltimore, hospitals up and down the country, and an oil pipeline:

https://en.wikipedia.org/wiki/EternalBlue

The leak of these cyberweapons didn't just provide raw material for the world's cybercriminals, it also provided data for researchers. A study of CIA and NSA NOBUS defects found that there was a one-in-five chance of a bug that had been hoarded by a spy agency being independently discovered by a criminal, weaponized, and released into the wild.

Not every government has the wherewithal to staff its own defect-mining operation, but that's where the private sector steps in. Cyber-arms dealers like the NSO Group find or buy security defects in widely used products and services and turn them into products – military-grade cyberweapons that are used to attack human rights groups, opposition figures, and journalists:

https://pluralistic.net/2021/10/24/breaking-the-news/#kingdom

A good Cybercrime Treaty would recognize the perverse incentives that create the coalition to keep us from knowing which products we can trust and which ones we should avoid. It would shut down companies like the NSO Group, ban spy agencies from hoarding defects, and establish an absolute defense for security researchers who reveal true facts about defects.

Instead, the Cybercrime Treaty creates new obligations on signatories to help other countries' cops and courts silence and punish security researchers who make these true disclosures, ensuring that spies and criminals will know which products aren't safe to use, but we won't (until it's too late):

https://www.eff.org/deeplinks/2024/06/if-not-amended-states-must-reject-flawed-draft-un-cybercrime-convention

A Cybercrime Treaty is a good idea, and even this Cybercrime Treaty could be salvaged. The member-states have it in their power to accept proposed revisions that would protect human rights and security researchers, narrow the definition of "cybercrime," and mandate transparency. They could establish member states' powers to refuse illegitimate requests from other countries:

https://www.eff.org/press/releases/media-briefing-eff-partners-warn-un-member-states-are-poised-approve-dangerou

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/07/23/expanded-spying-powers/#in-russia-crime-cybers-you

Image: EFF https://www.eff.org/files/banner_library/cybercrime-2024-2b.jpg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/us/

sorry if you've talked about it already, but what is it that makes KOSA's idea of online safety wrong? I don't know much about the bill, what does it intend to do?

What do you think is a good way to protect kids from things like online predators or just seeing things that they shouldn't be seeing? (By which I mean sex and graphic violence, things which you'd need to be 16+ to see in a movie theater so I think it makes sense to not want pre-teens to see it)

From stopkosa.com:

Why is KOSA a bad bill? KOSA uses two methods to “protect” kids, and both of them are awful. First, KOSA would incentivize social media platforms to erase content that could be deemed “inappropriate” for minors. The problem is: there is no consensus on what is inappropriate for minors. All across the country we are seeing how lawmakers are attacking young people’s access to gender affirming healthcare, sex education, birth control, and abortion. Online communities and resources that queer and trans youth depend on as lifelines should not be subject to the whims of the most rightwing extremist powers and we shouldn’t give them another tool to harm marginalized communities.  Second, KOSA would ramp up the online surveillance of all internet users by expanding the use of age verification and parental monitoring tools. Not only are these tools needlessly invasive, they’re a massive safety risk for young people who could be trying to escape domestic violence and abuse.

I’ve heard there’s a new version of KOSA. What’s the deal? The new version of KOSA makes some good changes: narrowing the ability of rightwing attorneys general to weaponize KOSA to target content they don’t like and limiting the problematic “duty of care. However, because the bill is still not content neutral, KOSA still invites the harms that civil rights advocates have warned about. As LGBTQ and reproductive rights groups have said for months, the fundamental problem with KOSA is that its “duty of care” covers content specific aspects of content recommendation systems, and the new changes fail to address that. In fact, personalized recommendation systems are explicitly listed under the definition of a design feature covered by the duty of care in the new version. This means that a future Federal Trade Commission (FTC) could still use KOSA to pressure platforms into automated filtering of important, but controversial topics like LGBTQ issues and abortion, by claiming that algorithmically recommending such content “causes” mental health outcomes that are covered by the duty of care like anxiety and depression. Bans on inclusive books, abortion, and gender affirming healthcare have been passed on exactly that kind of rhetoric in many states recently. And we know that already existing content filtering systems impact content from marginalized creators exponentially more, resulting in discrimination and censorship. It’s also important to remember that algorithmic recommendation includes, for example, showing a user a post from a friend that they follow, since most platforms do not show all users all posts, but curate them in some way. As long as KOSA’s duty of care isn’t content neutral, platforms will be likely to react the same way that they did to the broad liability imposed by SESTA/FOSTA: by engaging in aggressive filtering and suppression of important, and in some cases lifesaving, content.

Why it's bad:

The way it's written (even after being changed, which the website also goes over), it is still possible for this law to be used to restrict things like queer content, discussion of reproductive rights and resources, and sexual education.

It will restrict youth's ability to use the Internet independently, essentially cutting off life support to many vulnerable people who rely on the Internet to learn that they are queer, being abused, disabled, etc.

Better alternatives:

Stop relying on ageist ideas of purity and innocence. When we focus on protecting the "purity" of youth, we dehumanize them and it becomes more about soothing adult anxieties than actually improving the lives of children.

Making sure content (sexual, violent, etc.) is marked/tagged and made avoidable for anyone who doesn't want to engage with it.

Teach children why certain things may be upsetting and how best to avoid those things.

Teach children how to recognize grooming and abuse and empower them to stop it themselves.

Teach children how to recognize fear, discomfort, trauma, and how to cope with those experiences.

The Internet makes a great boogeyman. But the idea that it is uniquely corrupting the Pure Innocent Youth relies on the idea that all children are middle-class suburban White kids from otherwise happy homes. What about the children who see police brutality on their front lawns, against their family members? How are we protecting them from being traumatized? Or children who are seeing and experiencing physical and sexual violence in their own homes, by the parents who prevent them from realizing what's happening by restricting their Internet usage? How does strengthening parent's rights stop those kids from being groomed? Or the kids who grow up in evangelical Christian homes and are given graphic descriptions of the horrors of the Apocalypse and told if they ever question their parents, they'll be left behind?

Children live in the same world we do. There are children who are already intimately aware of violence and "adult" topics because of their lived experiences. Actually protecting children means being concerned about THEIR human rights, it means empowering them to save themselves, it means giving them the tools to understand their own feelings and traumas. KOSA is just another in a long line of attempts to "save the children!" by dehumanizing them and giving more power to the people most likely to abuse them. We need to stop trying to protect children's "innocence" and appreciate that children are already growing, changing people, learning to deal with discomfort and pain and the weight of the world the same as everyone else. What people often think keeps kids safe really just keeps them ignorant and quiet.

Another explanation as to why it's bad:

a voteblue told me the other day that if I don't vote, my government "won't know I exist" and therefore won't know my grievances. I had to laugh because my governments at the state, federal, and local level have longstanding documented policies of surveilling my ethnic group! the government knows very well that I exist — from the moment I was born they identified me as their enemy, an "anchor baby" and "sleeper cell," a demographic threat and a national security threat. before I was old enough to form any opinion about my government they had already labeled me an enemy of the state. they know all about Arab grievances and have 0 interest in listening to us because they do not see us civilian constituents who they serve, they see us as hostile foreign others.

you have to get this through your head if you want to understand how Arabs in the so-called US move politically. we move with the understanding that this country is by default antagonistic and hostile towards us on the basis of our race, and to whatever extent we engage in electoral politics, we do so knowing that our government is fundamentally not on our side and getting our perspectives heard (much less empathized with) requires a lot of extra work beyond casting a vote. policies of surveilling Arabs are consistent across red and blue states and admins, and at every level of government (which is why I roll my eyes when I'm told to vote down-ballot — all the candidates at the local level hate me too!)

to give you a glimpse of how our relationship with our government actually works, here are some excerpts from a 2022 congressional testimony by Maya Berry (executive director of the Arab American Institute):

"The federal government has justified counterterrorism and other law enforcement practices in the name of national security for what is a seemingly endless 'war on terror.' In the process, the government has viewed specific communities, including Arab Americans and American Muslims, as a threat to national security and in so doing, has securitized their relationship. ... While not an attempt at a comprehensive list, the following are select examples of government and law-enforcement policies that have targeted Arab Americans (and in some cases, American Muslims and South Asian Americans) or viewed them through a securitized lens. .... In each of these cases, government or law-enforcement policies can be seen as facilitating discrimination rather than functioning as policies of a state actor obligated to safeguard and defend the rights of its citizens. In the wake of the killing of Israeli athletes in a terrorist attack at the 1972 Munich Olympics, the Nixon Administration created the surveillance program known as Operation Boulder. The program sought to silence Arab and Arab American voices within the United States through investigation, surveillance, and harassment. It 'specifically targeted Arabs with U.S. citizenship, resident aliens of Arab descent, non-Arab Americans sympathetic to Arab causes, as well as the relatives, neighbors, friends, and employers of Arab individuals.' Operation Boulder officially ended in 1975 after it was deemed 'not worth it' by law enforcement, though its demise would be announced in a major media outlet as 'A Plan to Screen Terrorists Ends.' In 1987, seven Palestinian men and a Kenyan woman were arrested in Los Angeles for distributing a magazine of the Popular Front for the Liberation of Palestine, an organization then considered an advocate for world communism. For the students, known as the 'L.A. 8,' this was a deportable offense under the McCarthy-era McCarran-Walter Act. In 1989, a federal judge declared the charges unconstitutional and, in 1990, Congress repealed the Act. However, two members of the L.A. 8 faced the continued threat of deportation for decades until the government finally ended their effort to deport them in 2007. ... The case of the L.A. 8 is well known among Arab Americans. First, it targeted pro-Palestinian activists and raised the question of whether Arab immigrants or Arab Americans who advocated for Palestinian human rights were indeed protected by the same constitutional rights to free speech and association. Further, in proceedings of the case, it was discovered that the DOJ had a plan for a detention camp called, 'Alien Terrorists and Undesirables: A Contingency Plan.' ... In 2004, it was learned through a Freedom of Information Act request that the Census Bureau had shared demographic data about Arab Americans with the Department of Homeland Security on at least two occasions, in 2002 and 2003. Without a Middle East and North Africa (MENA) category on the Census, it is well documented that Arab Americans are an undercounted community. Yet, DHS was provided with data showing cities with more than 1,000 Arab Americans and zip code-level data broken down by country of origin.

In 2011, the Associated Press published an investigative report on New York Police Department (NYPD) counterterrorism and surveillance programs that directly targeted Arab American Muslim businesses, mosques, and communities in New York and New Jersey in the immediate aftermath of 9/11. The revelations of the breadth and depth of the NYPD’s surveillance program were shocking, with use of widespread 'ethnic mapping,' and reporting on innocent people going about their daily routines. The NYPD’s spying program and others like it are not only unconstitutional, but are also ineffective and significantly harmful to the communities they infiltrate. Not a single lead on terrorist operations resulted from NYPD’s spying activities. In 2011, the Obama Administration released the 'Strategic Implementation Plan for Empowering Local Partners to Prevent Violent Extremism in the United States.' The plan was introduced as a domestic counterterrorism strategy and became the foundation for the federal government’s Countering Violent Extremism (CVE) programs. In 2016, DHS began the Interagency CVE Task Force, which essentially approached community outreach to American Muslim communities as part of counterterrorism programming. Beyond the serious issue of the lack of an evidence-based foundation for CVE, these programs sought to deputize local community members and organizations to surveil their own communities on behalf of the U.S. government.

In 2011, a series of reports by an investigative journalist exposed biased FBI counterterrorism training material. Characterizing American Muslims and Arab Americans as prone to violence, some of the material’s 'highlights' include statements that 'mainstream American Muslims are likely to be terrorist sympathizers,' comparisons between Islam and the Death Star from Star Wars, and assertions that the 'Arab mind' is 'swayed more by ideas than facts,' and that unlike the 'Western Mind' being 'even keel,' in the Arab world, ‘Outbursts and Loss of Control [is] Expected.'

... In 2021, the Biden Administration established the Center for Prevention Programs and Partnerships (CP3). While appearing to be an extension of the Obama Administration’s Countering Violent Extremism (CVE) programs, Biden Administration officials have distanced themselves from previous CVE efforts saying they have taken a new approach. However, like its predecessors, CP3 seems to rest on flawed concepts about 'radicalization' that perpetuate stereotypes of communities and undermine public trust in government."

the US government pays very close attention to us, and it's only to our detriment. invisibility is not the issue here, white supremacy is, and you can't vote white supremacy out of a nation built on it

A $2.5 million lawsuit alleges Ottawa police wiretapped and surveilled five of its own Black, Somali officers, hasn't told them why and accuses the service of being an institution "rife with racism and discrimination that over-polices the racialized communities it has pledged to protect."

The civil action was filed in the Ontario Superior Court of Justice by constables Liban Farah, Mohamed Islam, Abdullahi Ahmed, AhmedKhador Ali and Feisal Bila Houssein in 2023 against the Ottawa Police Services Board and three unnamed members of the Ottawa Police Service (OPS). In addition to the five officers, there are three civilian plaintiffs who are family members of two of the officers.

As first reported by CBC, the lawsuit alleges three wiretaps and a general warrant which included video surveillance were obtained "based on racist and stereotypical assumptions about Black persons of Somali origin." They don't know why the wiretap authorizations and general warrant were approved by a judge because they're sealed.

[...]

The Plaintiffs "believe that they were the subject of wiretaps for ulterior motives in breach of their Charter rights: retaliation for their complaints about racism within the OPS, their attempts to improve the OPS and stereotypes about their kinship and familial relationships," the lawsuit states.

Full article

Tagging: @allthecanadianpolitics

Natives. Truckers. Students. Who's next?