" /> net.wars: February 2021 Archives

« January 2021 | Main | March 2021 »

February 26, 2021

The convenience

Houston-HV-FINAL-Mobile-Van-2.jpgA couple of days ago, MSNBC broadcast a segment featuring a mobile vaccination effort in which a truck equipped with a couple of medical personnel and a suitably stored supply of vaccines and other medical equipment, was shown driving around to various neighborhoods, parking in front of people's homes, where the personnel would knock on doors. There was a very brief clip of a woman identified as reluctant. "What made you decide to take the vaccine after all?" the interviewer asked (more or less). "The convenience," she said, from behind her mask.


It's always been - or should have been - obvious that all vaccine hesitancy is not equal. Some people are just going to be born rebels, refusing to do *anything* an authority tells them to do, no matter how well-attested the instruction is or how much risk accompanies ignoring it. Some have adopted resistance as a performative or tribal identity. Some may be deeply committed through serious, if flawed, assessment of the vaccine itself. Some have serious historical and cultural reasons to be distrustful. Others have medical contraindications. Some may actually even be suicidal. But some - and they may even be the majority - could go either way, depending on circumstances. As a friend commented after I told them the story, imagine a single mother with three kids, one or more jobs, and a long daily to-do list. Vaccination may be far, far down the list in terms of urgency.

Even knowing all this, seeing the woman state it so baldly was breathtaking because we've gotten used to assuming that anyone opposing vaccination does so out of deeply-held and angry commitment. The nudge people would probably be less surprised. For those of us who spend time promoting skepticism, the incident was also a good reminder of the value of engaging with people's real concerns.

It also reminds that when people's decisions seem inexplicable "the convenience" is often an important part of their reasoning. It's certainly part of why a lot of security breaches happen. Most people's job is not in security but in payroll or design or manufacturing, and their need to get their actual jobs done takes precedence. Faced with a dilemma, they will do the quickest and easiest thing, and those who design attacks know and exploit this very human tendency. The smart security person will, as Angela Sasse has been saying for 20 years, design security policies so they're the easiest path to follow.

The friction they add has been a significant reason why privacy tools have often failed to command any significant market share: they require exceptional effort, first because of the necessity of locating, installing, and learning to use them and second because so often they bring with them the price of non-conformance. Ever try getting your friends to shift from WhatsApp to Signal? Until the recent WhatsApp panic, it was impossible because of the difficulty they could foresee of getting all their other contacts - the school and church groups, the tennis club, the neighbors - to move as well. No one wants to have to remember which service to use for each contact.

One or another version of this problem has hindered the adoption of privacy tools for nearly 30 years, beginning in 1991 when Phil Zimmermann invented PGP in an effort to give PC users access to strong encryption. For most people, PGP was - and, sadly, still is, too difficult to install and too much of a nuisance to use. The result was that hardly anyone used encrypted communications until it became invisibly built into messaging services like WhatsApp and Signal.

The move away from universally interoperable email risks becoming a real problem in splintering communications, if my personal experience is any guide. A friend recently demanded to know why I didn't have an iPhone; she was annoyed that she couldn't send me messages on her preferred app. "Because I have an Android," I said. "What's that?" she asked. For her, Android users are incomprehensibly antisocial (and for new-hot-kid-in-town Clubhouse we are not worthy.)

On a wider canvas, that issue of convenience is most of the answer to how we began with a cooperative decentralized Internet and are now contending with an Internet dominated for most people by centralized walled gardens. At every stage from the first web sites, when someone wanting to host a website had to do everything themselves, to today's social media new companies succeeded by solving the frustrations of the previous generation. People want to chat with their friends, see photos, listen to music, and build businesses; anything like a technical barrier that makes any of that harder is an opportunity for someone to insert themselves as an intermediary or, as TikTok is doing now, to innovate. The same network effects that helped Facebook, Apple, and Google to grow to their present side make it difficult to counter their dominance by seeding alternatives.

It did not have to come out this way; ISPs (and, later, others) could have chosen to provide tools and services to make it easy for us to own our own communities. For anyone trying to do that now it's a hard, hard sell. Those of us who want to see the Internet redecentralize will have to create the equivalent of a mobile vaccination van.

Illustrations: Houston Vaccines' mobile unit.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 19, 2021

Vaccine conoisseurs

800px-International_Certificates_of_Vaccination.jpgThis is one of those weeks when numerous stories update. Australia's dispute over sharing news has spawned deals that are bad for everyone except Facebook, Google, and Rupert Murdoch; the EU is beginning the final stages of formulating the ePrivacy Regulation; the UK awaits its adequacy decision on data protection; 3D printed guns are back; and the arrival of covid vaccines has revived the push for some form of vaccination certificate, which may (or may not) revive governments' desires for digital identities tied to each of us via biometrics and personal data.

To start with Australia: since the lower house of the Australian parliament has passed the law requiring Google and Facebook to negotiate licensing fees with publishers, Facebook began blocking Australian users from sharing "news content" - and the rest of the world from sharing links to Australian publishers - without waiting for final passage. The block is as overbroad as you might expect.

Google has instead announced a three-year deal under which it will pay Rupert Murdoch's News Corporation for the right to showcase it's output - which is almost universally paywalled.

Neither announcement is good news. Google's creates a damaging precedent of paying for links, and small public interest publishers don't benefit - and any publisher that does becomes even more dangerously dependent on the platforms to keep them solvent. On Twitter, Kate Crawford calls Facebook's move deplatforming at scale.

Next, as Glyn Moody helpfully explains, where GDPR protects personal data at rest, the ePrivacy Regulation covers personal data in transit. It has been pending since 2017, when the European Commission published a draft, which the European Parliament then amended. Massive amounts of lobbying and now-resolved internal squabbling over the text within the Council of the EU have finally been resolved so the three legs of this legislative stool can begin negotiations. Moody highlights two areas to watch: provisions exempting metadata from the prohibition on changing use without consent, and the rules regarding cookie walls. As negotiations proceed, however, there may be more.

As a no-longer EU member, the UK will have to actively adopt this new legislation. The UK's motivation to do so is simple: it wants - or should want - an adequacy decision. That is, for data to flow between the UK and the EU, the EU has to agree that the UK's privacy framework matches the EU's. On Tuesday, The Register reported that such a decision is imminent, a small piece of good news for British businesses in the sea of Brexit issues arising since January 1.

The original panic over 3D-printed guns was in 2013, when the US Department of Justice ordered the takedown of Defcad. In 2018, Defcad's owner, Cody Wilson, won his case against the DoJ in a settlement. At the time, 3D-printed plastic guns were too limited to worry about, and even by 2018 3D printing had failed to take off on the consumer level. This week Gizmodo reported that home-printing alarmingly functional automated weapons may now be genuinely possible for someone with the necessary obsession, home equipment, and technical skill.

Finally, ever since the beginning of this pandemic there has been concern that public health would become the vector for vastly expanded permanent surveillance that would be difficult to dislodge later.

The arrival of vaccinations has brought the weird new phenomenon of the vaccine connoisseur. They never heard of mRNA until a couple of months ago, but if you say you've been vaccinated they'll ask which one. And then say something like, "Oh, that's not the best one, is it?" Don't be fussy! If you're offered a vaccination, just take it. Every vaccine should help keep you alive and out of the hospital; like Willie Nelson's plane landings you can walk away from, they're *all* perfect. All will also need updates.

Israel is first up with vaccination certificates, saying that these will be issued to everyone after their second shot. The certificate will exempt them from some of the requirements for testing and isolation associated with visiting public places.

None of the problems surrounding immunity passports (as they were called last spring) has changed. We are still not sure whether the vaccines halt transmission or how long they last, and access is still enormously limited. Certificates will almost certainly be inescapable for international travel, as for other diseases like yellow fever and smallpox. For ordinary society, however, they would be profoundly discriminatory. In agreement on this: Ada Lovelace Institute, Privacy International, Liberty, Germany's ethics council. At The Lancet some researchers suggest they may be useful when we have more data, as does the the Royal Society; others reject them outright.

There is an ancillary concern. Ever since identity papers were withdrawn after the end of World War II, UK governments have repeatedly tried to reintroduce ID cards. The last attempt, which ended in 2010, came close. There is therefore legitimate concern about immunity passports as ID cards, a concern not allayed by the government's policy paper on digital identities, published last week.

What we need is clarity about what problem certificates are intended to solve. Are they intended to allow people who've been vaccinated greater freedom consistent with the lower risks they face and pose? Or is the point "health theater" for businesses? We need answers.

Illustrations: International vaccination certificates (from SimonWaldherr at Wikimedia).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 12, 2021

The spirit of Mother Jones

800px-Mother_Jones_1902-11-04.jpegThis week a commenter on one of the mailing lists I follow asked, perhaps somewhat plaintively, why, after watching 20 years of attempts to organize Silicon Valley workers that have led nowhere, suddenly the push of workers at Big Tech to unionize seems to be gaining traction. "What has changed?"

Well, for one thing, the existence of a history of 20 years of attempts to organize tech workers - which could be the nearly-flat portion of the famous venture capital hockey stick - by itself is a profound change,. "Why is she running when she has no chance?" people asked about Shirley Chisholm in 1972. Her campaign opened minds for Hillary Clinton and Kamala Harris, VPOTUS.

The next month should give a solid indication of whether tech worker unions' moment is now. It very well might be. The same trend toward unaccountable power that have led the US Congress and many other countries to scrutinize the practices of the big platforms is surely felt even more by their employees. It shouldn't be a surprise; when you recruit people with the promise that they can improve the lives of millions of people you should expect them to be angry when they realize their efforts are being used to cause worldwide damage, especially when they see that little progress has been made on long-standing complaints such as the lack of diversity surrounding them.

One reason today's unionizing moves may come as a surprise is that the image of the tech worker has remained stuck on highly-compensated programmers and engineers and the perks, stock options, and salaries they receive. And yet, in 2014, Silicon Valley software engineers discovered that they, too, were just workers to their employers, who were limiting their career prospects via a no-poaching agreement in which Apple, Google, Intel, Dell, IBM, Pixar, Lucasfilm, Intuit, and dozens of other companies agreed not to recruit from each other's workforce. The result was to depress compensation across the board for millions of engineers and programmers.

And these are the high-caste workers; for years "lower-class" occupations have been filled at many companies by workers under all sorts of arrangements designed to keep them from being classed as employees to whom the company would owe medical insurance, paid leave, and other hard-won benefits. In 2018, Microsoft bug testers cited the Republican environment in Washington as the reason they gave up on a successful unionizing effort that had won them the right to negotiate directly with their temp agency. More recently, Uber and Lyft drivers have demanded employee status in numerous countries.

At Google, temporary, vendor, and contract workers, the majority of the workforce, have complained of being invisible. In November 2018, after the New York Times reported that the company had given seven-figure payouts to two executives accused of sexual harassment, 20,000 of these workers walked out demanding transparency, accountability, and structural change. Google's response was apparently enough to get them back to work at the time.

However, in December 2020, the National Labor Relations Board filed a complaint on behalf of two employees who said they were fired for their organizing efforts. Last month, hundreds of Google workers created the Alphabet Workers' Union, open to both full-time and contract workers. This union won't be formally recognized for collective bargaining, but will use other means to push for change. More than 200 of its members have signed on with the Communications Workers of America.

In an op-ed in the New York Times software engineers Parul Koul and Chewy Shaw, the leaders of the new Alphabet Workers Union, cite that earlier walkout, the recent firing of leading AI researcher Timnit Gebru, as well as the company's general behavior. "Each time workers organize to demand change, Alphabet's executives make token promises, doing the bare minimum in the hopes of placating workers," they write.

The original question was, I think, inspired by the news that voting began Monday at an Amazon fulfillment center in Bessemer, Alabama on whether to unionize. As Lee Fang reports at The Intercept, Amazon has been campaigning against this development, hiring a union-busting law firm Morgan Lewis to mastermind a website, Facebook ads, and mass texts to workers. This is not really comparable to Google's union. The fact that these warehouse staff and delivery drivers work for a technology company is largely irrelevant except for the extra-creepiness of the surveillance Amazon is able to install in its warehouses and delivery vans. The same goes for Apple's retail store staff, whose efforts to organize failed in 2011.

Plus, the overall environment has changed. The pandemic has cast many issues of structural unfairness into sharper relief, and the US's new president has promised to strengthen unions. Add in generational shift to a group whose bleak present includes burdensome education debt, the climate crisis, and shrinking prospects. Yes, it really might be different now..

Illustrations: Union organizer "Mother" Mary G. Harris Jones, "the most dangerous woman in America", in 1902, (via Wikipedia). The title is a reference to the folksinger Andy Irvine's biographical ode to the Union Maid, The Spirit of Mother Jones.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.

February 5, 2021

Dead cat trampoline

If you want to understand the story of why a bunch of Redditors have used Gamestop shares to squeeze a load of profitability out of a couple of hedge funds you could do worse than to read the 1994 Wired article about the time the Usnet newsgroup alt.tasteless invaded rec.pets.cats, by Josh Quittner. A horde of "little guys" invading the protected territory of a handful of stodgy, entitled billionaires and hedge fund managers could be the Internet's origin story. For example: bitcoin.

In brief, for those who've missed the breathless coverage: the "troubled" retail chain Gamestop. whose share price opened 2021 at around $17 and which dropped as low as $2.57 during 2020, suddenly spiked (briefly) last week to $483. The technical explanation is that this is an extreme version of a short squeeze, a vicious spiral in which a company's rising share price forces traders who have bet that it will go down scramble to cover their losses before they can escalate further.

Rule of thumb: when your get-rich-quick strategy appears on CNBC, it's time to cash out.

Calling Gamestop "troubled" is polite. Offline retail in general and particularly malls, where Gamestop outlets are located, are struggling. The company's revenues slid badly in 2019. That December - still 2019 - the best suggestions for recovery were to leverage the company's 5,600 physical locations to create experiences that can't be replicated online and to build its own line of products while it waited for the launch of new game consoles to goose its business. *Then* came the pandemic and its shutdowns to accelerate the spiral downwards. The company seems unlikely to be able to mount a comeback. Terrible for its employees, terrible for the malls and towns that depended on sales and other taxes, terrible for other local dependent businesses, but an opportunity for short sellers who get their timing exactly right.

In January, a Reddit group (subReddit Wall Street Bets) spotted that short sellers' commitments amounted to more than double the number of outstanding Gamestop shares and correctly recognized that they were looking at a spring-loaded slingshot. Ordinary retail investors can't, individually, buy enough to set a squeeze in motion, but a crowdsourcing, coordinated through an online forum, could indeed move the needle. The Redditors were also aided by 2019's industry-wide elimination of commissions on retail stock trades, which makes very small trades newly viable. The persistence of friction-inducing costs is why the Reddit scenario is unlikely to be replicated in the UK: British brokers still charge commissions on trades and the government adds stamp duty.

The markets are broken, short seller Carson Block tells Julia LaRoche at Yahoo Finance, in response to this incident. Like many over the last four years, he notes the widening gap between fundamental value and market pricing, between the real economy in which millions of Americans were struggling to afford rent even before the pandemic and the market, where 84% of the value is held by 10% of Americans, a level of inequality seen in England in 1966. This is not good news. WallStreetBets may be a messenger telling us that things are worse than we thought, but decades of underlying trends have fueled today's overpriced market: the extraordinarily low interest rates since 2008, the lack of alternatives for small, ongoing savings, the decades of replacing pensions with shares-filled 401(k) plans, and most recently Trump's tax cuts. The result is distorting the entire economy and robbing working Americans of a decent living.

Much of the Reddit action centered on Robinhood, a brokerage that markets itself as democratizing finance. At Slate, Alex Kershner says no: Robinhood's retail investors are the product, and Robinhood's real customers are Wall Street's market makers, who pay for the privilege of executing its stock orders. This arcane subject is best explained by Michael Lewis in Flash Boys. Because of the way it reduced friction for small-time retail traders - free commissions, instant access to deposited money, margin trading - Robinhood contributed to the volatility, but it's not really the story by itself. It is merely the last stop on a decades-old journey toward making it possible for retail investors to take risks previously limited to people who could provably afford the losses. The good side of that approach is to protect ordinary people from losing their homes; the bad side is to reserve the biggest profits for people who don't really need them.

If past decades are any guide, breaking those protections will hurt people. On Monday, February 1, Gamestop dropped 75%; on Tuesday it dropped 60%. On Wednesday, it rose slightly - about 2.5% in what experienced investors would call a "dead cat bounce", as Thursday saw it drop another 42%. Price Thursday night: $53.33. No one who bought at $483 will get their money back. As Farhad Manjou warns at the New York Times, in the end the house always wins. In the long term, fundamentals *should* matter. because the value of having the market in the first place isn't to make people rich but to help channel investment to viable businesses. If it doesn't fulfill that function it's time for real reform.

Illustrations: Chart of Gamestop's share price for the three months ending close of business February 4, 2021 (from Big Charts.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.