" /> net.wars: July 2019 Archives

« June 2019 | Main | August 2019 »

July 26, 2019

Hypothetical risks

Great Hack - data connections.png"The problem isn't privacy," the cryptography pioneer Whitfield Diffie said recently. "It's corporate malfeasance."

This is obviously right. Viewed that way, when data profiteers claim that "privacy is no longer a social norm", as Facebook CEO Mark Zuckerberg did in 2010, the correct response is not to argue about privacy settings or plead with users to think again, but to find out if they've broken the law.

Diffie was not, but could have been, talking specifically about Facebook, which has blown up the news this week. The first case grabbed most of the headlines: the US Federal Trade Commission fined the company $5 billion. As critics complained, the fine was insignificant to a company whose Q2 2019 revenues were $16.9 billion and whose quarterly profits are approximately equal to the fine. Medium-term, such fines have done little to dent Facebook's share prices. Longer-term, as the cases continue to mount up...we'll see. Also this week, the US Department of Justice launched an antitrust investigation into Apple, Amazon, Alphabet (Google), and Facebook.

The FTC fine and ongoing restrictions have been a long time coming; EPIC executive director Marc Rotenberg has been arguing ever since the Cambridge Analytica scandal broke that Facebook had violated the terms of its 2011 settlement with the FTC.

If you needed background, this was also the week when Netflix released the documentary, The Great Hack, in which directors Karim Amer and Jehane Noujairn investigate the role Cambridge Analytica and Facebook played in the 2016 EU referendum and US presidential election votes. The documentary focuses primarily on three people: David Carroll, who mounted a legal action against Facebook to obtain his data; Brittany Kaiser, a director of Cambridge Analytica who testified against the company; and Carole Cadwalladr, who broke the story. In his review at the Guardian, Peter Bradwell notes that Carroll's experience shows it's harder to get your "voter profile" out of Facebook than from the Stasi, as per Timothy Garton Ash. (Also worth viewing: the 2006 movie The Lives of Others.)

Cadwalladr asks in her own piece about The Great Hack and in her 2019 TED talk, whether we can ever have free and fair elections again. It's a difficult question to answer because although it's clear from all these reports that the winning side of both the US and UK 2016 votes used Facebook and Cambridge Analytica's services, unless we can rerun these elections in a stack of alternative universes we can never pinpoint how much difference those services made. In a clip taken from the 2018 hearings on fake news, Damian Collins (Conservative, Folkstone and Hythe), the chair of the Digital, Culture, Media, and Sport Committee, asks Chris Wylie, a whistleblower who worked for Cambridge Analytica, that same question (The Great Hack, 00:25:51). Wylie's response: "When you're caught doping in the Olympics, there's not a debate about how much illegal drug you took or, well, he probably would have come in first, or, well, he only took half the amount, or - doesn't matter. If you're caught cheating, you lose your medal. Right? Because if we allow cheating in our democratic process, what about next time? What about the time after that? Right? You shouldn't win by cheating."

Later in the film (1:08:00), Kaiser, testifying to DCMS, sums up the problem this way: "The sole worth of Google and Facebook is the fact that they own and possess and hold and use the personal data from people all around the world.". In this statement, she unknowingly confirms the prediction made by the veteran Australian privacy advocate Roger Clarke,who commented in a 2009 interview about his 2004 paper, Very Black "Little Black Books", warning about social networks and privacy: "The only logical business model is the value of consumers' data."

What he got wrong, he says now, was that he failed to appreciate the importance of micro-pricing, highlighted in 1999 by the economist Hal Varian. In his 2017 paper on the digital surveillance economy, Clarke explains the connection: large data profiles enable marketers to gauge the precise point at which buyers begin to resist and pitch their pricing just below it. With goods and services, this approach allows sellers to extract greater overall revenue from the market than pre-set pricing would; with politics, you're talking about a shift from public sector transparency to private sector black-box manipulation. Or, as someone puts it in The Great Hack, a "full-service propaganda machine". Load, aim at "persuadables", and set running.

Less noticed than either of these is the Securities and Exchange Commission settlement with Facebook, also announced this week. While the fine is relatively modest - a mere $100 million - the SEC has nailed the company's conflicting statements. On Twitter, Jason Kint has helpfully highlighted the SEC's statements laying out the case that Facebook knew in 2016 that it had sold Cambridge Analytica some of the data underlying the 30 million personality profiles CA had compiled - and then "misled" both the US Congress and its own investors. Besides the fine, the SEC has permanently enjoined Facebook from further violations of the laws it broke in continuing to refer to actual risks as "hypothetical". The mills of trust have been grinding exceeding slow; they may yet grind exceeding small.


Illustrations: Data connections in The Great Hack.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 19, 2019

The Internet that wasn't

Bambi-forest.jpgThis week on Twitter, writer and Georgia Tech professor Ian Bogost asked this: "There's a belief that the internet was once great but then we ruined it, but I'm struggling to remember the era of incontrovertible greatness. Lots of arguing from the start. Software piracy. Barnfuls of pornography. Why is the fall from grace story so persistent and credible?"

My reply: "Mostly because most of the people who are all nostalgic either weren't there, have bad memories, or were comfortable with it. Flaming has existed in every online medium that's ever been invented. The big difference: GAFA weren't profiting from it."

Let's expand on that here. Not only was there never a period of peace and tranquility on the Internet, there was never a period of peace and tranquility on the older, smaller, more contained systems that proliferated in the period when you had to dial up and wait through the modems' mating calls. I only got online in 1991, but those 1980s systems - primarily CIX (still going), the WELL (still going), and CompuServe (bought by AOL) - hosted myriad "flame wars". The small CompuServe UK journalism forum I co-managed had to repeatedly eject a highly abusive real-life Fleet Street photographer who obsessively returned with new name, same behavior. CompuServe finally blocked his credit card, an option unavailable to pay-with-data TWIFYS (Twitter-WhatsApp-Instagram-Facebook-YouTube-Snapchat). The only real answer to containing abuse and abusers was and is human moderators.

The quick-trigger abuse endemic on Twitter has persisted since the beginning, as Sara Kiesler and Lee Sproull documented in their 1992 book, Connections, based on years of studies of mailing lists within large organizations. Even people using their real names and job descriptions within a professional context displayed online behavior they would never display offline. The distancing effect appears inherent to the medium and the privacy in which we experience it. Meanwhile, urgency of response rises with each generation. The etiquette books of my childhood recommended rereading angry letters after a day or two before sending; who has the attention span for that now?

Three documented examples of early cyberbullying provide perspective. In Josh Quittner's 1994 Wired story about Usenet, the rec.pets.cats successfully repelled invaders from alt.tasteless when a long-time poster and software engineer taught the others her tools; when she began getting death threats a phone call to the leader's ISP made him back down for fear of losing his Internet access. In Julian Dibbell's A Rape in Cyberspace "Mr Bungle took over another user's avatar in the virtual game space Lambda MOO, and forced it into virtual sex. After inconclusive community consideration, a single administrator quietly expelled Bungle. Finally, in my own piece about Scientology's early approach to the Internet, disputes over disclosing secret scriptures in the newsgroup alt.religion.scientology led to police raids, court cases, and attempts to smother the newsgroup with floods of pro-Scientology postings, also countered by a mix of community practices and purpose-built tools. Nonetheless, even in 1997 in 1997 people complained that tolerating abuse shouldn't be the price of participation.

Software "piracy" was born right alongside the commercial software business. In 1976, a year after Bill Gates and Paul Allen launched Microsoft's first product, a BASIC language interpreter for the early Altair computer, Gates published an open letter to hobbyists begging them to make the new industry viable by buying the software rather than circulate copies. The tug of war over copyrighted material, unauthorized copies, and business models has continued ever since in a straight line from Gates's open letter through Napster to today's battles over the right to repair. The shift moving modifiable software into copyright control was the spark that got Richard Stallman building GNU, the bulk of "Linux".

"Barnfuls of pornography" is slightly exaggerated, especially before search engines simplified finding it. Still, pornography producers are adept at colonizing new technology, from cave paintings to videocassettes, and the Internet was no exception. It was certainly popular: the University of Delft took down its pornography archive because the traffic swamped its bandwidth. In 1994, students protested when Carnegie-Mellon removed sexually explicit newsgroups, and conflicting US states' standards landed Robert and Carleen Thomas in jail.

Some of the Internet's steamy reputation was undeserved. Time magazine's shock-horror 1995 Cyberporn Cyberporn cover story was based on a fraudulent study. That sloppy reporting's fallout included the 1996 passage of the Communications Decency Act, antecedent of today's online harms and age verification.

So why does the myth persist? First, anyone under 35 probably wasn't there. Second, the early Internet was more homogeneous and more open, and you lost less by abandoning a community to create a new one when you mostly interacted with strangers. As previously noted, 1980s online forums did not profit from abuse; today, ramping up "engagement" to fuel ad-bearing traffic is TWIFYS' business model. More important, these scaled-up, closed systems do not offer us the ability to create and deploy tools or enforce our own fine-grained rules.

Crucially, the early Internet seemed *ours* - no expanding privacy policies or data collection. The first spammers, hackers, and virus writers were *amateurs*. Today, as Craig Silverman pointed out on Twitter, "There are tens of thousands of people whose entire job it is to push out spam on Facebook." We were free to imagine this new technology would bring a better world, however dumb that seemed even at the time. The Internet was *magic*.

Tl;dr: human behavior hasn't changed. The Internet hasn't changed. It's just not magic any more.

Illustrations: Bambi, before Man enters the forest.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 12, 2019

Public access

WestWing-Bartlet-campaign-phone.pngIn the fantasy TV show The West Wing, when fictional US president Jed Bartlet wants to make campaign phone calls, he departs the Oval Office for the "residence", a few feet away, to avoid confusing his official and political roles. In reality, even before the show began in 1999, the Internet was altering the boundaries between public and private; the show's end in 2006 coincided with the founding of Twitter, which is arguably completing the job.

The delineation of public and private is at the heart of a case filed in 2017 by seven Twitter users backed by the Knight First Amendment Institute against US president Donald Trump. Their contention: Trump violated the First Amendment by blocking them for responding to his tweets with criticism. That Trump is easily offended, is not news. But, their lawyers argued, because Trump uses his Twitter account in his official capacity as well as for personal and campaign purposes, barring their access to his feed means effectively barring his critics from participating in policy. I liked their case. More important, lawyers liked their case; the plaintiffs cited many instances where Trump or members of his administration had characterized his tweets as official policy..

In May 2018, Trump lost in the Southern District of New York. This week, the US Court of Appeals for the Second Circuit unanimously upheld the lower court. Trump is perfectly free to block people from a personal account where he posts his golf scores as a private individual, but not from an account he uses for public policy announcements, however improvised and off-the-cuff they may be.

At The Volokh Conspiracy, Stuart Benjamin finds an unexplored tension between the government's ability to designate a space as a public forum and the fact that a privately-owned company sets the forum's rules. Here, as Lawrence Lessig showed in 1999, system design is everything. The government's lawyers contended that Twitter's lack of tools for account-holders leaves Trump with the sole option of blocking them. Benjamin's answer is: Trump didn't have to choose Twitter for his forum. True, but what other site would so reward his particular combination of impulsiveness and desperate need for self-promotion? A moderated blog, as Benjamin suggests, would surely have all the life sucked out of it by being ghost-written.

Trump's habit of posting comments that would get almost anyone else suspended or banned has been frequently documented - see for example Cory Scarola at Inverse in November 2016. In 2017, Jack Moore at GQ begged Twitter to delete his account to keep us all safer after a series of tweets in which Trump appeared to threaten North Korea with nuclear war. The site's policy team defended its decision not to delete the tweets on the grounds of "public interest". At the New York Times, Kara Swisher (heralding the piece on Twitter with the neat twist on Sartre, Hell is other tweeters) believes that the ruling will make a full-on Trump ban less likely.

Others have wondered whether the case gives Americans that Twitter has banned for racism and hate speech the right to demand readmission by claiming that they are being denied their First Amendment rights. Trump was already known to be trying to prove that social media sites are systemically biased towards banning far-right voices; those are the people he invited to the White House this week for a summit on social media.

It seems to me, however, that the judges in this case have correctly understood the difference between being banned from a public forum because of your own behavior and being banned because the government doesn't like your kind. The first can and does happen in every public space anywhere; as a privately-owned space, Twitter is free to make such decisions. But when the government decides to ban its critics, that is censorship, and the First Amendment is very clear about it. It's logical enough, therefore, to feel that the court was right.

Female politicians, however, probably already see the downside. Recently, Amnesty International highlighted the quantity and ferocity of abuse they get. No surprise that within a day the case was being cited by a Twitter user suing Alexandria Ocasio-Cortez for blocking him. How this case resolves will be important; we can't make soaking up abuse the price of political office, while the social media platforms are notoriously unresponsive to such complaints.

No one needs an account to read any Twitter user's unprotected tweets. Being banned costs the right to interact,, not the right to read. But because many tweets turn into long threads of public discussion it makes sense that the judges viewed the plaintiffs' loss as significant. One consequence, though, is that the judgment conceptually changes Trump's account from a stream through an indivisible pool into a subcommunity with special rules. Simultaneously, the company says it will obscure - though not delete - tweets from verified accounts belonging to politicians and government officials with more than 100,000 followers that violate its terms and conditions. I like this compromise: yes, we need to know if leaders are lighting matches, but it shouldn't be too easy to pour gasoline on them - and we should be able to talk (non-abusively) back.


Illustrations:The West Wing's Jed Bartlet making phone calls from the residence.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

July 5, 2019

Legal friction

ny-public-library-lions.JPGWe normally think of the Internet Archive, founded in 1996 by Brewster Kahle, as doing good things. With a mission of "universal access to all knowledge", it archives the web (including many of my otherwise lost articles), archives TV news footage and live concerts, and provides access to all sorts of information that would otherwise be lost.

Equally, authors usually love libraries. Most grew up burrowed into the stacks, and for many libraries are an important channel to a wider public. A key element of the Archive's position in what follows rests on the 2007 California decision officially recognizing it as a library.

Early this year, myriad authors and publishers organizations - including the UK's Society of Authors and the US's Authors Guild - issued a joint statement attacking the Archive's Open Library project. In this "controlled digital lending" program, borrowers - anyone, via an Archive account - get two weeks to read ebooks, either online in the Archive's book reader or offline in a copy-protected format in Adobe Digital Editions.

What offends rights holders is that unlike the Gutenberg Project, which offers downloadable copies of works in the public domain, Open Library includes still-copyrighted modern works (including net.wars-the-book). The Archive believes this is legal "fair use".

You may, like me, wonder if the Archive is right. The few precedents are mixed. In 2000, "My MP3.com" let users stream CDs after proving ownership of a physical copy by inserting it in their CD drive. In the resulting lawsuit the court ruled MP3.com's database of digitized CDs an infringement, partly because it was a commercial, ad-supported service. Years later, Amazon does practically the same thing..

In 2004, Google Books began scanning libraries' book and magazine collections into a giant database that allows searchers to view scraps of interior text. In 2015, publishers lost their lawsuit. Google is a commercial company - but Google Books carries no ads (though it presumably does collect user data), and directs users to source copies from libraries or booksellers.

A third precedent, cited by the Authors Guild, is Capitol Records v. ReDigi. In that case, rulings have so far held that ReDigi's resale process, which transfers music purchased on iTunes from old to new owners means making new and therefore infringing copies. Since the same is true of everything from cochlear implants to reading a web page, this reasoning seems wrong.

Cambridge University Press v. Patton, filed in 2008 and still ongoing, has three publishers suing Georgia State University over its e-reserves system, which loans out course readings on CDL-type terms. In 2012, the district court ruled that most of this is fair use; appeal courts have so far mostly upheld that view.

The Georgia case is cited David R. Hansen and Kyle K. Courtney in their white paper defending CDL. As "format-shifting", they argue CDL is fair use because it replicates existing library lending. In their view, authors don't lose income because the libraries already bought copies, and it's all covered by fair use, no permission needed. One section of their paper focuses on helping libraries assess and minimize their legal risk. They concede their analysis is US-only.

From a geek standpoint, deliberately introducing friction into ebook lending in order to replicate the time it takes the book to find its way back into the stacks (for example) is silly, like requiring a guy with a flag on a horse to escort every motor car. And it doesn't really resolve the authors' main complaints: lack of permission and no payment. Of equal concern ought to be user complaints about zillions of OCR errors. The Authors Guild's complaint that saved ebooks "can be made readable by stripping DRM protection" is, true, but it's just as true of publishers' own DRM - so, wash.

To this non-lawyer, the white paper appears to make a reasonable case - for the US, where libraries enjoy wider fair use protection and there is no public lending right, which elsewhere pays royalties on borrowing that collection societies distribute proportionately to authors.

Outside the US, the Archive is probably screwed if anyone gets around to bringing a case. In the UK, for example, the "fair dealing" exceptions allowed in the Copyright, Designs, and Patents Act (1988) are narrowly limited to "private study", and unless CDL is limited to students and researchers, its claim to legality appears much weaker.

The Authors Guild also argues that scanning in physical copies allows libraries to evade paying for library ebook licenses. The Guild's preference, extended collective licensing, has collection societies negotiating on behalf of authors. So that's at least two possible solutions to compensation: ECL, PLR.

Differentiating the Archive from commercial companies seems to me fair, even though the ask-forgiveness-not-permission attitude so pervasive in Silicon Valley is annoying. No author wants to be an indistinguishable bunch of bits an an undifferentiated giant pool of knowledge, but we all consume far more knowledge than we create. How little authors earn in general is sad, but not a legal argument: no one lied to us or forced us into the profession at gunpoint. Ebook lending is a tiny part of the challenges facing anyone in the profession now, and my best guess is that whatever the courts decide now eventually this dispute will just seem quaint.

Illustrations: New York Public Library (via pfhlai at Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.