Pluralistic: 07 Oct 2022 "Don't install spy on a privacy lab," and other lessons for university provosts

Originally published at: Pluralistic: 07 Oct 2022 “Don’t install spy on a privacy lab,” and other lessons for university provosts – Pluralistic: Daily links from Cory Doctorow





A flier inviting ISEC grad students to attend an unadvertised 'listening session' with vice-provost David Luzzi. It is surmounted with a sensor that has been removed from beneath a desk and annotated in Sharpie to read: 'If found by David Luzzi suck it.'

"Don't spy on a privacy lab" (and other career advice for university provosts)

This is a wild and hopeful story: grad students at Northeastern successfully pushed back against invasive digital surveillance in their workplace, through solidarity, fearlessness, and the bright light of publicity. It's a tale of hand-to-hand, victorious combat with the "shitty technology adoption curve."

What's the "shitty tech adoption curve?" It's the process by which oppressive technologies are normalized and spread. If you want to do something awful with tech – say, spy on people with a camera 24/7 – you need to start with the people who have the least social capital, the people whose objections are easily silenced or overridden.

That's why all our worst technologies are first imposed on refugees -> prisoners -> kids -> mental patients -> poor people, etc. Then, these technologies climb the privilege gradient: blue collar workers -> white collar workers -> everyone. Following this pathway lets shitty tech peddlers knock the rough edges off their wares, inuring us all to their shock and offense.

https://pluralistic.net/2022/08/21/great-taylors-ghost/#solidarity-or-bust

20 years ago, if you ate dinner under the unblinking eye of a CCTV, it was because you were housed in a supermax prison. Today, it's because you were unwise enough to pay hundreds or thousands of dollars for "home automation" from Google, Apple, Amazon or another "luxury surveillance" vendor.

Northeastern's Interdisciplinary Science and Engineering Complex (ISEC) is home to the "Cybersecurity and Privacy Institute," where grad students study the harms of surveillance and the means by which they may be reversed. If there's one group of people who are prepared to stand athwart the shitty tech adoption curve, it is the CPI grad students.

Which makes it genuinely baffling that Northeastern Senior Vice Provost for Research David Luzzi decided to install under-desk heat sensors throughout ISEC, overnight, without notice or consultation. Luzzi signed the paperwork that brought the privacy institute into being.

Students throughout ISEC were alarmed by this move, but especially students on the sixth floor, home to the Privacy Institute. When they demanded an explanation, they were told that the university was conducting a study on "desk usage." This rang hollow: students at the Privacy Institute have assigned desks, and they badge into each room when they enter it.

As Privacy Institute PhD candidate Max von Hippel wrote, "Reader, we have assigned desks, and we use a key-card to get into the room, so, they already know how and when we use our desks."

https://twitter.com/maxvonhippel/status/1578048837746204672

So why was the university suddenly so interested in gathering fine-grained data on desk usage? I asked von Hippel and he told me: "They are proposing that grad students share desks, taking turns with a scheduling web-app, so administrators can take over some of the space currently used by grad students. Because as you know, research always works best when you have to schedule your thinking time."

That's von Hippel's theory, and I'm going to go with it, because Luzzi didn't offer a better one in the flurry of memos and "listening sessions" that took place after the ISEC students arrived at work one morning to discover sensors under their desks.

This is documented in often hilarious detail in von Hippel's thread on the scandal, in which the university administrators commit a series of unforced errors and the grad students run circles around them, in a comedy of errors straight out of "Animal House."

https://twitter.com/maxvonhippel/status/1578048652215431168

After the sensors were discovered, the students wrote to the administrators demanding their removal, on the grounds that there was no scientific purpose for them, that they intimidated students, that they were unnecessary, and that the university had failed to follow its own rules and ask the Institutional Review Board (IRB) to review the move as a human-subjects experiment.

The letter was delivered to Luzzi, who offered "an impromptu listening session" in which he alienated students by saying that if they trusted the university to "give" them a degree, they should trust it to surveil them. The students bristled at this characterization, noting that students deliver research (and grant money) to "make it tick."

Sensors arrayed around a kitchen table at ISEC

The students, believing Luzzi was not taking them seriously, unilaterally removed all the sensors, and stuck them to their kitchen table, annotating and decorating them with Sharpie. This prompted a second, scheduled "listening session" with Luzzi, but this session, while open to all students, was only announced to their professors ("Beware of the leopard").

The students got wind of this, printed up fliers and made sure everyone knew about it. The meeting was packed. Luzzi explained to students that he didn't need IRB approval for his sensors because they weren't "monitoring people." A student countered, what was being monitored, "if not people?" Luzzi replied that he was monitoring "heat sources."

https://github.com/maxvonhippel/isec-sensors-scandal/blob/main/Oct_6_2022_Luzzi_town_hall.pdf

Remember, these are grad students. They asked the obvious question: which heat sources are under desks, if not humans (von Hippel: "rats or kangaroos?"). Luzzi fumbled for a while ("a service animal or something") before admitting, "I guess, yeah, it's a human."

Having yielded the point, Luzzi pivoted, insisting that there was no privacy interest in the data, because "no individual data goes back to the server." But these aren't just grad students – they're grad students who specialize in digital privacy. Few people on earth are better equipped to understand re-identification and de-aggregation attacks.

A window with a phrase written in marker, 'We are not doing science here' -Luzzi.

A student told Luzzi, "This doesn't matter. You are monitoring us, and collecting data for science." Luzzi shot back, "we are not doing science here." This ill-considered remark turned into an on-campus meme. I'm sure it was just blurted in the heat of the moment, but wow, was that the wrong thing to tell a bunch of angry scientists.

From the transcript, it's clear that this is where Luzzi lost the crowd. He accused the students of "feeling emotion" and explained that the data would be used for "different kinds of research. We want to see how students move around the lab."

Now, as it happens, ISEC has an IoT lab where they take these kinds of measurements. When they do those experiments, students are required to go through IRB, get informed consent, all the stuff that Luzzi had bypassed. When this is pointed out, Luzzi says that they had been given an IRB waiver by the university's Human Research Protection Program (HRPP).

Now a prof gets in on the action, asking, pointedly: "Is the only reason it doesn't fall under IRB is that the data will not be published?" A student followed up by asking how the university could justify blowing $50,000 on surveillance gear when that money would have paid for a whole grad student stipend with money left over.

Luzzi's answers veer into the surreal here. He points out that if he had to hire someone to monitor the students' use of their desks, it would cost more than $50k, implying that the bill for the sensors represents a cost-savings. A student replies with the obvious rejoinder – just don't monitor desk usage, then.

Finally, Luzzi started to hint at the underlying rationale for the sensors, discussing the cost of the facility to the university and dangling the possibility of improving utilization of "research assets." A student replies, "If you want to understand how research is done, don't piss off everyone in this building."

Now that they have at least a vague explanation for what research question Luzzi is trying to answer, the students tear into his study design, explaining why he won't learn what he's hoping to learn. It's really quite a good experimental design critique – these are good students! Within a few volleys, they're pointing out how these sensors could be used to stalk researchers and put them in physical danger.

Luzzi turns the session over to an outside expert via a buggy Zoom connection that didn't work. Finally, a student asks whether it's possible that this meeting could lead to them having a desk without a sensor under it. Luzzi points out that their desk currently doesn't have a sensor (remember, the students ripped them out). The student says, "I assume you'll put one back."

A 'public art piece' in the ISEC lobby - a table covered in sensors spelling out 'NO!,' surrounded by Sharpie annotations decrying the program.

They run out of time and the meeting breaks up. Following this, the students arrange the sensors into a "public art piece" in the lobby – a table covered in sensors spelling out "NO!," surrounded by Sharpie annotations decrying the program.

Meanwhile, students are still furious. It's not just that the sensors are invasive, nor that they are scientifically incoherent, nor that they cost more than a year's salary – they also emit lots of RF noise that interferes with the students' own research. The discussion spills onto Reddit:

https://www.reddit.com/r/NEU/comments/xx7d7p/northeastern_graduate_students_privacy_is_being/

Yesterday, Luzzi capitulated, circulating a memo saying they would pull "all the desk occupancy sensors from the building," due to "concerns voiced by a population of graduate students."

https://twitter.com/maxvonhippel/status/1578101964960776192

The shitty technology adoption curve is relentless, but you can't skip a step! Jumping straight to grad students (in a privacy lab) without first normalizing them by sticking them on the desks of poor kids in underfunded schools (perhaps after first laying off a computer science teacher to free up the budget!) was a huge tactical error.

A more tactically sound version of this is currently unfolding at CMU Computer Science, where grad students have found their offices bugged with sensors that detect movement and collect sound:

https://twitter.com/davidthewid/status/1387909329710366721

The CMU administration has wisely blamed the presence of these devices on the need to discipline low-waged cleaning staff by checking whether they're really vacuuming the offices.

https://twitter.com/davidthewid/status/1387426812972646403

While it's easier to put cleaners under digital surveillance than computer scientists, trying to do both at once is definitely a boss-level challenge. You might run into a scholar like David Gray Widder, who, observing that "this seems like algorithmic management of lowly paid employees to me," unplugged the sensor in his office.

https://twitter.com/davidthewid/status/1387909329710366721

This is the kind of full-stack Luddism this present moment needs. These researchers aren't opposed to sensors – they're challenging the social relations of sensors, who gets sensed and who does the sensing.

https://locusmag.com/2022/01/cory-doctorow-science-fiction-is-a-luddite-literature/


This day in history

#20yrsago Neil Gaiman kicks McFarlane’s ass in court https://icv2.com/articles/comics/view/1883/gaiman-sweep

#20yrsago Homeless Guy blog https://web.archive.org/web/20020923154740/https://thehomelessguy.blogspot.com/

#20yrsago 9/11, war in Iraq threaten Disney parks https://www.latimes.com/archives/la-xpm-2009-oct-06-fi-ct-disney6-story.html

#20yrsago 1Mb/s through mud https://web.archive.org/web/20021205115701/https://fossil.energy.gov/techline/tl_intellipipe.shtml

#20yrsago Steven Levy’s wireless neighbors https://www.newsweek.com/i-was-wi-fi-freeloader-146877

#15yrsago Modern phrenologists “predict” terrorism with biometrics https://www.sciencedaily.com/releases/2007/10/071005185129.htm

#15yrsago Great firewall of China blocks RSS https://arstechnica.com/uncategorized/2007/10/chinas-great-firewall-turns-its-attention-to-rss-feeds/

#15yrsago CmdrTaco on 10 years of Slashdot https://web.archive.org/web/20071010114621/www.networkperformancedaily.com/2007/10/rob_malda_on_ten_years_of_slas.html

#15yrsago HMG orders Heathrow to fix its security queues https://www.theguardian.com/business/2007/oct/04/transportintheuk.travel

#15yrsago Canadian mint: We own the words “one cent” and Toronto can’t use them https://www.tmcnet.com/usubmit/2007/10/05/2993087.htm

#15yrsago Revolution in Jesusland: building bridges between progressives and born-agains https://web.archive.org/web/20071011020623/http://revolutioninjesusland.com/

#15yrsago Unlocking an iPhone is legal https://slate.com/technology/2007/10/unlocking-apple-s-iphone-is-legal-ethical-and-just-plain-fun.html

#10yrsago 68,000 Texans no longer have to prove they’re not dead in order to vote https://www.loweringthebar.net/2012/10/texas-settles-with-previously-dead-voters.html

#10yrsago Maine GOP attack-flier condemns Democratic candidate for playing an orc rogue in online game https://arstechnica.com/tech-policy/2012/10/candidate-for-maine-state-senate-attacked-for-warcraft-character/

#10yrsago UN’s copyright agency won’t let the Pirate Party in https://web.archive.org/web/20121007041345/http://piratetimes.net/ppi-blocked-from-becoming-observer-members-of-wipo/

#10yrsago Sailor Twain: don’t fall in love with the mermaid of the Hudson valley https://memex.craphound.com/2012/10/04/sailor-twain-dont-fall-in-love-with-the-mermaid-of-the-hudson-valley/

#10yrsago Rumble in the Air-Conditioned Auditorium: Jon Stewart and Bill O’Reilly’s debate kicked ass https://www.theguardian.com/world/2012/oct/07/jon-stewart-bill-oreilly-debate

#10yrsago Supreme Court case will decide whether you own your stuff https://www.marketwatch.com/story/your-right-to-resell-your-own-stuff-is-in-peril-2012-10-04

#5yrsago After massive breach Equifax gets $7.25m no-bid IRS contract to “prevent fraud” https://consumerist.com/2017/10/04/irs-awards-7-25m-fraud-prevention-contract-to-equifax-despite-failure-to-secure-consumers-data/

#5yrsago Analysis of 22 million FCC comments show that humans love Net Neutrality and bots really, really hate it https://www.gravwell.io/blog/discovering-truth-through-lies-on-the-internet-fcc-comments-analyzed

#5yrsago Average Fortune 500 CEO gets a pension of $253,088 every month until they die https://www.latimes.com/business/lazarus/la-fi-lazarus-equifax-pensions-20171003-story.html

#5yrsago Disgraced Equifax CEO blames 145.5 million-record breach on a single forgetful flunky https://www.engadget.com/2017-10-03-former-equifax-ceo-blames-breach-on-one-it-employee.html

#5yrsago Hackers hack hackers to steal their hacking tools and deflect blame https://theintercept.com/2017/10/04/masquerading-hackers-are-forcing-a-rethink-of-how-attacks-are-traced/

#5yrsago “Court guardians” kidnap old people, sell all their stuff, doom victims to pharmaceutical oblivion in institutions https://www.newyorker.com/magazine/2017/10/09/how-the-elderly-lose-their-rights

#5yrsago Theresa May coughs through a catastrophic party conference speech plagued by pranks and a crumbling set https://www.cnn.com/2017/10/04/europe/theresa-may-speech-disaster-conservative-party-conference/index.html

#5yrsago Lifelong Kindergarten: how to learn like a kid, by the co-creator of Scratch https://memex.craphound.com/2017/10/04/lifelong-kindergarten-how-to-learn-like-a-kid-by-the-co-creator-of-scratch/

#5yrsago Slashdot is 20 https://meta.slashdot.org/story/17/10/03/2356229/20-years-of-stuff-that-matters

#5yrsago Canary claws back cloud features from its IoT camera, starts charging $10/month https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change

#5yrsago Prisoners sent to Christian “rehab” diversion programs find themselves in forced-labor camps https://revealnews.org/article/they-thought-they-were-going-to-rehab-they-ended-up-in-chicken-plants/

#5yrsago Seattle’s Nazi tech-bros’ plan: infiltrate tech industry, hire white supremacists https://www.thestranger.com/news/2017/10/04/25451102/we-snuck-into-seattles-super-secret-white-nationalist-convention

#5yrsago Equifax will make hundreds of millions in extra profits from its apocalyptic breach (forever) https://fortune.com/2017/10/04/equifax-breach-elizabeth-warren/

#5yrsago Georgia Sheriff and deputies indicted for repeatedly touching the junk of 900 students at local high-school https://www.techdirt.com/2017/10/06/sheriff-deputies-indicted-after-subjecting-entire-high-school-to-invasive-pat-downs/

#5yrsago JP Morgan-Chase paid its billions in fines for mortgage fraud by committing billions in mortgage fraud https://web.archive.org/web/20171005131636/https://www.thenation.com/article/how-americas-biggest-bank-paid-its-fine-for-the-2008-mortgage-crisis-with-phony-mortgages/

#5yrsago Corporations form coalition to ask a court to ban coalitions (of people the corporations have screwed over) https://theintercept.com/2017/10/06/consumer-protection-arbitration-rule-lawsuit-equifax-wells-fargo/

#1yrago We paid to develop Merck's covid pill: And now they're charging us a 4,000% markup on it https://pluralistic.net/2021/10/06/merck-cenary/#businesslike

#1yrago Dave Eggers' "The Every": A tragicomic look at Big Tech, following from "The Circle" https://pluralistic.net/2021/10/05/masha-rides-again/#everywhere

#1yrago USPS pilots postal banking https://pluralistic.net/2021/10/04/avoidance-is-evasion/#check-cashing

#1yrago The Pandora Papers https://pluralistic.net/2021/10/04/avoidance-is-evasion/#transparency

#1yrago Savage Love A-Z: A bestiary of good sex https://pluralistic.net/2021/10/04/avoidance-is-evasion/#ggg

#1yrago Scottish Limited Partnerships are still laundering criminal millions: Offshore is actually onshore https://pluralistic.net/2021/10/07/markets-in-everything/#if-its-not-scottish

#1yrago "Inclusive Access" allows textbook monopolists to permanently consolidate their gains: Universities are auto-billing students for high-priced, self-destructing textbooks they can't loan or sell https://pluralistic.net/2021/10/07/markets-in-everything/#textbook-abuses

#1yrago DoS a federal agency, then charge for access: Enq carries on a tradition of genuinely terrible startup ideas https://pluralistic.net/2021/10/07/markets-in-everything/#no-th-enq



Colophon

Today's top sources: Max von Hippel (https://twitter.com/maxvonhippel).

Currently writing:

  • The Bezzle, a Martin Hench noir thriller novel about the prison-tech industry. Yesterday's progress: 528 words (47169 words total)
  • The Internet Con: How to Seize the Means of Computation, a nonfiction book about interoperability for Verso. Yesterday's progress: 506 words (43593 words total)

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. (92849 words total) – ON PAUSE

  • A Little Brother short story about DIY insulin PLANNING

  • Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Sound Money https://craphound.com/news/2022/09/11/sound-money/

Upcoming books:

  • Red Team Blues: "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books, April 2023

This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Medium (no ads, paywalled):

https://doctorow.medium.com/

(Latest Medium column: "The True Genius of Tech Leaders" https://doctorow.medium.com/the-true-genius-of-tech-leaders-46d6e3439989)

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

Bookmarking this, thanks Cory. They brought these cameras out before we went into hotdesking, (4 years ago?) and they’re talking about bringing them back as we’re increasing our time in office ratio.

(UK civil service. So white collar, but key worker during the emergency, and lazy union layabout as soon as we ask for a pay rise.)
