net.wars

This time last year, the Computers, Privacy, and Data Protection conference was talking about inevitable technology. Two thousand people from all over the world enclosed in two large but unventilated spaces arguing closely over buffets and snacks for four days! I remember occasional nods toward a shadow out there on the Asian horizon, but it was another few weeks before the cloud of dust indicating the coronavirus's gallop westward toward London became visible to the naked eye. This week marks a year since I've traveled more than ten miles from home.

The virus laughs at what we used to call "inevitable". It also laughs at what we think of as "borders".

The concept of "privacy" was always going to have to expand. Europe's General Data Protection Regulation came into force in May 2018; by CPDP 2019 the conference had already moved on to consider its limitations in a world where privacy invasion was going physical. Since then, Austrian lawyer Max Schrems has poked holes in international data transfers, police and others began rolling out automated facial recognition without the least care for public consent...and emergency measures to contain the public health crisis have overwhelmed hard-won rights.

This year two themes are emerging. First is that, as predicted, traditional ideas about consent simply do not work in a world where technology monitors and mediates our physical movements, especially because most citizens don't know to ask what the "legal basis for processing" is when their local bar demands their name and address for contact tracing and claims the would-be drinker has no discretion to refuse. Second is the need for enforcement. This is the main point Schrems has been making through his legal challenges to the Safe Harbor agreement ("Schrems I") and then to its replacement, the EU-US Privacy Shield agreement ("Schrems II"). Schrems is forcing data protection regulators to act even when they don't want to.

In his panel on data portability, Ian Brown pointed out a third problem: access to tools. Even where companies have provided the facility for downloading your data, none provide upload tools, not even archives for academic papers. You can have your data, but you can't use it anywhere. By contrast, he said, open banking is actually working well in the UK. EFF's Christoph Schmon added a fourth: the reality that it's "much easier to monetize hate speech than civil discourse online".

Artist Jonas Staal and lawyer Jan Fermon have an intriguing proposal for containing Facebook: collectivize it. In an unfortunately evidence-free mock trial, witnesses argued that it should be neither nationalized nor privately owned nor broken up, but transformed into a space owned and governed by its 2.5 billion users. Fermon found a legal basis in the right to self-determination, "the basis of all other fundamental rights". In reality, given Facebook's wide-ranging social effects, non-users, too, would have to become part-owners. Lawyers love governing things. Most people won't even read the notes from a school board meeting.

Schmon favored finding ways to make it harder to monetize polarization, chiefly through moderation. Jennifer Cobbe, in a panel on algorithm-assisted decision making suggested stifling some types of innovation. "Government should be concerned with general welfare, public good, human rights, equality, and fairness" and adopt technology only where it supports those values. Transparency is only one part of the answer - and it must apply to all parts of systems such as those controlling whether someone stays in jail or is released on parole, not just the final decision making bit.

But the world in which these debates are taking place is also changing, and not just because of the coronavirus. In a panel on intelligence agencies and fundamental rights, for example, MEP Sophie in't Veld (NL) pointed out the difficulties of exercising meaningful oversight when talk begins about increasing cross-border cooperation. In her view, the EU pretends "national security" is outside its interests, but 20 years of legislation offers national security as a justification for bloc-wide action. The result is to leave national authorities to make their own decisions. and "There is little incentive for national authorities to apply safeguards to citizens from other countries." Plus, lacking an EU-wide definition of "national security", member states can claim "national security" for almost any exemption. "The walls between law enforcement and the intelligence agencies are crumbling."

A day later, Petra Molnar put this a different way: "Immigration management technologies are used as an excuse to infringe on people's rights". Molnar works to highlight the use of refugees and asylum-seekers as experimental subjects for news technologies - drones, AI lie detectors, automated facial recognition; meanwhile the technologies are blurring geographical demarcations, pushing the "border" away from its physical manifestation. Conversely, current UK policy moves the "border" into schools, rental offices, and hospitals by requiring for teachers, landlords, and medical personnel to check immigration status.

Edin Omanovic pointed out a contributing factor: "People are concerned about the things they use every day" - like WhatsApp - "but not bulk data interception". Politicians have more to gain by signing off on more powers than from imposing limits - but the narrowness of their definition of "security" means that despite powers, access to technology, and top-class universities, "We've had 100,000 deaths because we were unprepared for the pandemic we knew was coming and possible."

Illustrations: Sophie in't Veld (via Arnfinn Petersen at Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 2:10 PM | Permalink | Comments (0) | TrackBacks (0)

As the year gets going, two conflicts look like setting precedents for Internet regulation: Australia's push to require platforms to pay license fees for linking to their articles; and Facebook's pending decision whether to make former president Donald Trump's ban permanent, as Twitter already has.

Facebook has referred Trump's case to its new Oversight Board and asked it to make policy recommendations for political leaders. The Board says it will consider whether Trump's content violated Facebook community standards and "values", and whether its removal respected human rights standards. It expects to report within 90 days; the decision will be binding on Facebook.

On Twitter, Kate Klonick, an assistant professor at St. John's University of Law, who has been following the Oversight Board's creation and development in detail, says the important aspect is not the inevitably polarizing decision itself, but the creation of what she hopes will be a "transparent global process to adjudicate these human rights issues of speech". In a Yale Law Journal articledocumenting the board's history so far, she suggests that it could set a precedent for collaborative governance of private platforms.

Or - and this seems more likely - it could become the place where Facebook dumps the controversial cases where making its own decision gains the company nothing. Trump is arguably one of these. No matter how much money Trump's presidential campaign (which seems unlikely to have any future) netted the company, it surely must be a drop in the ocean of its overall revenues. With antitrust suits pending and a politically controversial decision, why *wouldn't* Facebook want to hand it off? Would the company do the same in a case where the company's business model was at stake, though? If it does and the decision goes against Facebook's immediate business interests, will shareholders sue?

Those questions won't be answered for some years. Meanwhile, this initial case will be a milestone in Internet history, as Klonick says. If the board does not create durable principles that can be applied across other countries and political systems, it will have failed. The larger question, however, which is the circulation of deliberate lies and misinformation, is more complex.

For that, letters sent this week by US Congress members Anna Eshoo (D-CA) and Tom Malinowski (D-NJ) may be more germane: they have asked the CEOs of Facebook, Google, YouTube, and Twitter to alter their algorithms to stop promoting conspiracy theories at scale. Facebook has been able to ignore previous complaints it was inciting violence in markets less essential to its bottom line and of less personal significance.

The Australian case is smaller, and kind of a rerun, but still interesting. We noted in September that the Australian government had announced the draft News Media Bargaining Code, a law requiring Google and Facebook (to start with) to negotiate license fees for displaying snippets of news articles. By including YouTube, user postings, and search engine results, Australia hoped to ensure the companies could not avoid the law by shutting down, which was what happened in 2014 when Spain enacted a similar law that caught only Google News. Early reports indicated that its withdrawal resulted in a dramatic loss of traffic to publishers' sites.

However, by 2015, Spain's Association of Newspaper Editor was saying members were reporting just a 12% loss of traffic, and a 2019 assessment argues that in fact the closure (which persists) made little long-term difference to publishers. If this is true, it's unarguably better for publishers not to be dependent on a third-party company to send them traffic out of the goodness of their hearts. The more likely underlying reality, however, is that people have learned to use generic search engines and social media to find news stories - in which case the Australian law could still be damaging to publishers' revenues.

It is, as journalist Michael West points out, exceptionally difficult to tease out what portion of Google's or Facebook's revenues are attributable to news content. West argues that a better solution to those companies' rise is regulating their power and taxing them appropriately; neither Google nor Facebook is in the business of reporting the news and are not in direct competition with the traditional publishers - the biggest of which, in Australia, are owned by Rupert Murdoch and so filled with climate change denial that Murdoch's own son left the company because of it.

In December, Google and Facebook won a compromise that will allow Google to include in the negotiations the value it brings in the form of traffic; limit the data it has to share with publishers; and lower the requirement for platforms to share algorithm changes with the publishers. Prediction: the publishers aren't going to wind up getting much out of this.

For the rest of us, though, the notion that users could be stopped from sharing news links (as Facebook is threatening) should be alarming; open, royalty-free linking, as web inventor Tim Berners-Lee told Bloomberg above, is the fundamental characteristic of the web. We take the web so much for granted now that it's easy to forget that the biggest decision Berners-Lee made, with the backing of his employers at CERN, was to make it open instead of proprietary. The Australian law is the latest attempt to modify that decision. I wish I could say it will never catch on.

Illustrations: Justitia outside the Delft Town Hall, the Netherlands (via Dennis Jarvis at Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 2:10 PM | Permalink | Comments (0) | TrackBacks (0)

In many ways, this 1,000th net.wars column is much like the first (the count is somewhat artificial, since net.wars began as a 1998 book, then presaged by four years of news analysis pieces for the Daily Telegraph, and another book in 2001...and a lot of my other writing also fits under "computers, freedom, and privacy"; *however*). That November 2001 column was sparked by former Home Office minister Jack Straw's smug assertion that after 9/11 those of us who had defended access to strong cryptography must be feeling "naive". Here, just over a week after the Capitol invasion, three long-running issues are pertinent: censorship; security and the intelligence failures that enabled the attack; and human rights when demands for increased surveillance capabilities surface, as they surely will.

Censorship first. The US First Amendment only applies to US governments (a point that apparently requires repeating). Under US law, private companies can impose their own terms of service. Most people expected Twitter would suspend Donald Trump's account approximately one second after he ceased being a world leader. Trump's incitement of the invasion moved that up, and led Facebook, including its subsidiaries Instagram and WhatsApp, Snapchat, and, a week after the others, YouTube to follow suit. Less noticeably, a Salesforce-owned email marketing company ceased distributing emails from the Republican National Committee.

None of these social media sites is a "public square", especially outside the US, where they've often ignored local concerns. They are effectively shopping malls, and ejecting Trump is the same as throwing out any other troll. Trump's special status kept him active when many others were unjustly banned, but ultimately the most we can demand from these services is clearly stated rules, fairly and impartially enforced. This is a tough proposition, especially when you are dependent on social media-driven engagement.

Last week's insurrection was planned on numerous openly accessible sites, many of which are still live. After Twitter suspended 70,000 accounts linked to QAnon, numerous Republicans complaining they had lost followers seemed to be heading to Parler, a relatively new and rising alt-right Twitterish site backed by Rebekah Mercer, among others. Moving elsewhere is an obvious outcome of these bans, but in this crisis short-term disruption may be helpful. The cost will be longer-term adoption of channels that are harder to monitor.

By January 9 Apple was removing Parler from the App Store, to be followed quickly by Android (albeit less comprehensively, since Android allows side-loading). Amazon then kicked Parler off its host, Amazon Web Services. It is unknown when, if ever, the site will return.

Parler promptly sued Amazon claiming an antitrust violation. AWS retaliated with a crisp brief that detailed examples of the kinds of comments the site felt it was under no obligation to host and noted previous warnings.

Whether or not you think Parler should be squashed - stipulating that the imminent inauguration requires an emergency response - three large Silicon Valley platforms have combined to destroy a social media company. This is, as Jillian C. York, Corynne McSherry, and Danny O'Brien write at EFF, a more serious issue. The "free speech stack", they write, requires the cooperation of numerous layers of service providers and other companies. Twitter's decision to ban one - or 70,000 - accounts has limited impact; companies lower down the stack can ban whole populations. If you were disturbed in 2010, when, shortly after the diplomatic cables release, Paypal effectively defunded Wikleaks after Amazon booted it off its servers, then you should be disturbed now. These decisions are made at obscure layers of the Internet where we have little influence. As the Internet continues to centralize, we do not want just these few oligarchs making these globally significant decisions.

Security. Previous attacks - 9/11 in particular - led to profound damage to the sense of ownership with which people regard their cities. In the UK, the early 1990s saw the ease of walking into an office building vanish, replaced by demands for identification and appointments. The same happened in New York and some other US cities after 9/11. Meanwhile, CCTV monitoring proliferated. Within a year of 9/11, the US passed the PATRIOT Act, and the UK had put in place a series of expansions to surveillance powers.

Currently, residents report that Washington, DC is filled with troops and fences. Clearly, it can't stay that way permanently. But DC is highly unlikely to return to the openness of just ten days ago. There will be profound and permanent changes, starting with decreased access to government buildings. This will be Trump's most visible legacy.

Which leads to human rights. Among the videos of insurrectionists shocked to discover that the laws do apply to them were several in which prospective airline passengers discovered they'd been placed preemptively on the controversial no-fly list. Many others who congregated at the Capitol were on a (separate) terrorism watch list. If the post-9/11 period is any guide, the fact that the security agencies failed to connect any of the dots available to them into actionable intelligence will be elided in favor of insisting that they need more surveillance powers. Just remember: eventually, those powers will be used to surveil all the wrong people.

Illustrations: net.wars, the book at the beginning.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 12:52 PM | Permalink | TrackBacks (0)

The chaos is the point.

Among all the things to note about Wednesday's four-hour occupation of the US Capitol Building - the astoundingly ineffective blue line of police, the attacks on journalists, the haphazard mix of US, Trump, Confederate, and Nazi costumes and flags, the chilling in a hotel lobby - is this: no one seemed very clear about the plan. In accounts and images, once inside, some of the mob snap pictures, go oh, look! emails!, and grab mementos like dangerous and destructive tourists. Let's not glorify them and their fantasies of heroism; they are vandals, they are criminals, they are incipient felons, they are thugs. They are certainly not patriots.

One reason, of course, is that their leader, having urged them to storm the Capitol, went home to his protective Secret Service and the warmth of watching the wreckage on TV inside one of the most secure buildings on the planet. Trump is notoriously petty and vengeful against anyone who has crossed him. Why wouldn't he push the grievance-filled conspiracy theorists whose anger he harnessed for personal gain to destroy the country that dared to reject him? The festering anger that Trump's street-bully smarts (and those of his detonator, Roger Stone) correctly spotted as a political opportunity was perfectly poised for Trump's favorite chaos creation game: "Let's you and him fight".

"We love you," and "You are very special," Trump told the rioters to close out the video clip he issued to tell them to go home, as if this were a Hollywood movie and with a bit of sprinkled praise his special effects crew could cage the Kraken until he next wanted it.

The someday child studying this period in history class will marvel at our willful blindness to white violence openly fomented while applying maximum deterrence to Black Lives Matter.

Our greatest ire should be reserved for the cynically exploitative, opportunistic Trump and supporting senators Josh Hawley (R-MO) and Ted Cruz (R-TX), whom George F. Will says will permanently wear a scarlet "S" for "seditionist" and Trump's many other politicians and enablers who consciously lied, a list to which Marcy Wheeler adds senator Tommy Tuberville (R-AL). It's fashionable to despise former Trump fixer-lawyer Michael Cohen, but we should listen to him; his book, Disloyal, is an addict's fourth and fifth steps (moral inventory and admitting wrongs) that unflinchingly lays bare his collaboration in Trump's bullying exploitation.

The invasion perversely hastened Biden/Harris's final anointing; Republicans dropped most challenges in the interests of Constitutional honor (read: survival). Mitch McConnell (R-KY), who as Senate Majority Leader has personally made governance impossible, sounded like a man abruptly defibrillated into sanity, and Senator Lindsey Graham's (R-SC) careening wait-for-his-laugh "That's it! I'm done!" speech led some on Twitter to surmise he was drunk. Only Hawley (R-MO), earlier seen fist-pumping the rioters-in-waiting, seemed undeterred.

High-level Trump administration members - those who can afford health insurance are fleeing. Apparently we have finally found the line they won't cross, though it may not be the violence but the prospect of having to vote on invoking the 25th Amendment.

An under-discussed aspect of the gap between politics - Beltway or Westminster - and life as ordinary people know it is that for many politicians and media, making proposterous claims they don't really believe is a game. Playing exhibitionist contrarian for provocation is a staple of British journalism. Boris Johnson famously wrote pre-referendum columns arguing both Leave and Remain before choosing pro-Leave's personal opportunities. They appear to care little for the consequences, measured in covid deaths, food bank use, deportations, and shattered lives.

All these posturers score against each other from comfortable berths and comfortably assume they are beyond repercussions. It's the same dynamic as the one at work among the advocates of letting the virus rip through the population at large, as if infection is for the little people and our desperately overstressed, traumatized health care workers are replaceable parts rather than a precious resource.

Perhaps the most extraordinary aspect is that this entire thing was planned out in the open. There was no need to backdoor encryption. They had merch; Trump repeatedly tweeted his intentions; planning was on public forums. In September, the Department of Homeland Security warned that white supremacy is the "most lethal threat" to the US. On Tuesday, Bellingcat warned that a dangerous meld of numerous right-wing constituencies was setting out for DC. Talia Lavin's 2020 book, Culture Warlords, thoroughly documented the online hate growing into real-world violence.

Wednesday also saw myriad mostly peaceful statehouse protests: Texas, Utah, Michigan, California, Oregon, Arizona, Arkansas, Kansas, Wisconsin, Nevada (with a second protest in Las Vegas), Florida, and Georgia. Pause to remember Wednesday's opener: Democrats Jon Ossoff and Raphael Warnock won Georgia's Senate seats.

Trump has 12 more days. Twitter and Facebook, which CNN reporter Donie Sullivan calls complicit, have locked Trump's accounts; Shopify has closed his shops. The far-right forums are considering the results while the FBI makes arrests and Biden builds his administration.

The someday child will know the next part faster than we will.

Illustrations: Screenshot of Wednesday's riot in progress.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

Posted by Wendy M. Grossman at 10:44 PM | Permalink | Comments (0) | TrackBacks (0)