Pluralistic: 23 Nov 2020

Originally published at: https://pluralistic.net/2020/11/23/opsec-and-personal-security/


Today's links



Opsec and personal security

Today on the Attack Surface Lectures (8 panels exploring themes from the third Little Brother book, hosted by Tor Books and 8 indie bookstores): Opsec and Personal Cyber-Security, with Runa Sandvik and Window Snyder, recorded on Oct 22 by Third Place Books.

https://www.youtube.com/watch?v=B8tds2b32Pw

You can watch it without Youtube's surveillance courtesy of the Internet Archive:

https://archive.org/details/asl-opsec

Or get the audio as an MP3:

https://archive.org/download/asl-opsec/Opsec%20with%20Runa%20Sandvik%20and%20Window%20Snyder.mp3

Earlier instalments in the series:

I. Politics and Protest (Eva Galperin and Ron Deibert, hosted by The Strand):

https://craphound.com/attacksurface/2020/11/16/the-attack-surface-lectures-politics-and-protest-fixed/

II. Cross-Media Sci-Fi (Amber Benson and John Rogers, hosted by the Brookline Booksmith):

https://craphound.com/attacksurface/2020/11/17/the-attack-surface-lectures-cross-media-sci-fi/

III. Race, surveillance and tech (Meredith Whittaker and Malkia Devich-Cyril, hosted by The Booksmith):

https://craphound.com/attacksurface/2020/11/18/the-attack-surface-lectures-intersectionality-race-surveillance-and-tech-and-its-history/

IV. Cyberpunk & Post-Cyberpunk (Christopher Brown and Bruce Sterling, hosted by Anderson's Bookshop)

https://craphound.com/attacksurface/2020/11/19/the-attack-surface-lectures-cyberpunk-and-post-cyberpunk/

V. Little Revolutions (Tochi Onyebuchi and Bethany C Morrow, hosted by Skylight Books)

https://craphound.com/news/2020/11/20/the-attack-surface-lectures-little-revolutions/

Here's a master post with all the media as it goes live:

https://craphound.com/news/2020/11/16/attack-surface-lectures-master-post/

And you can also get this as it's posted on my podcast feed – search for "Cory Doctorow podcast" in your podcatcher or use the RSS:

https://feeds.feedburner.com/doctorow_podcast



Australian predictive policing tool for kids

Predictive policing tools work really well: they perfectly predict what the police will do. Specifically, they predict whom the police will accuse of crimes, and since only accused people are convicted, they predict who will be convicted, too.

In that sense, predictive policing predicts "crime" – the crimes that the police prosecute are the crimes that the computer tells them to seek out and make arrests over. But that doesn't mean that predictive policing actually fights actual crime.

Instead, predictive policing serves as empirical facewash for bias. Take last year's biased policing statistics, give them to a machine learning model, and ask it where the crime will be next year, and it will tell you that next year's crime will look much the same.

If the police then follow the oracle's bidding and patrol the places they're told to patrol and stop the people they're told to stop, then yup, they will validate the prediction. Like all oracles, predictive policing only works when it's a self-fulfilling prophecy.

That is the perennial wickedness of fortune-telling, after all, and 'twas ever thus, which is why Dante cursed fortune-tellers to have their heads twisted 180° and left them to weep into their ass-cracks forever as they slogged through molten shit.

If Dante was right, then the police in the Australian state of Victoria have a hell of an eternity ahead of them. They've classed 240 children (as young as ten!) as "youth network offenders" and fed their stats to a secret policing algorithm.

https://www.theguardian.com/australia-news/2020/nov/23/victoria-police-refuses-to-reveal-how-many-young-people-tracked-using-secretive-data-tool

The algorithm – its vendor and name undisclosed – considers the police records of children and predicts "how many crimes they'll commit before the age of 21 with 95% accuracy."

Or, put another way, it tells the police how many crimes to charge the child with between now and their 21st birthday.

The Victoria police won't say how they collect data, what other uses they put it to, how many children were tracked by the program, what oversight exists or whether it's still used.

You will not be surprised to learn that the nexus of the use of this tool is in a place that is "diverse and disadvantaged" (Dandenong, Springvale, Narre Warren and Pakenham) and the children it captured were primarily of Pacific Islander and Sudanese descent.

Victoria's state elections were poisoned by racist fairy-tales of "African gangs," with politicians using these nonexistent criminal threats to discredit their opponents and promise mass surveillance and police crackdowns on racialized children.

Victoria police say they can't disclose any details about the program because of "methodological sensitivities," much in the same way that stage psychics can't disclose how they guess that the lady in the third row has lost a loved one due to "methodological sensitivities."

That is, if they told us how it worked, we'd all see through the trick.

(Image: Cryteria, CC BY, modified)



A textbook grift

Last week, I wrote up Marshall Steinbaum's case for forgiving student debt (we're already doing it, but only after it has destroyed debtors' lives).

https://pluralistic.net/2020/11/20/sovkitsch/#student-debt

By counterpoint, Michael Olenick argues that we shouldn't forgive student debt, we should make it easier to discharge it in bankruptcy – that way the predatory lenders get nothing and the bankrupt borrowers aren't stuck with a huge tax bill.

https://www.nakedcapitalism.com/2020/11/michael-olenick-how-biden-could-tackle-the-student-loan-crisis.html

Olenick offers some interesting technical and political notes on this, as well as some zingers (he calls bankruptcy "the Donald Trump special"), but I was struck by a quoted email exchange with Yves Smith about textbook pricing.

Textbooks are thoroughly monopolized, dominated by a handful of publishers who've reinvented themselves as "ed-tech" companies, but the "tech" is largely in service to price gouging.

Textbooks were always expensive, but for many courses (especially introductory ones) this was offset through the robust market in used texts (indeed, I remember an econ prof explaining that the price of textbooks reflected the expectation that many students would buy used).

In the years since I dropped out of university (four universities, two years, no degree, virtually no student debt), textbook publishers have figured out how to keep those high prices while eliminating the used market, extracting ever-larger sums from students.

The method is a combination of convincing profs to produce new editions of texts – even intro texts whose subjects barely change from year to year – and to assign "e-learning" components that require a login (bundled with new books) to read.

Why would profs assign new editions of texts when nothing has changed? Two reasons: first, they get bribed to do so; second, the e-learning resources are revised so they no longer work with old texts.

https://www.vice.com/en/article/pajze9/people-are-finally-fighting-back-against-the-college-textbook-industrys-scam

That's how textbooks have increased in price by 812% (inflation adjusted) since 1972.

In case that seems abstract, Olenick offers a solid example: Paul Krugman's "Economics," a standard introductory text, now in its sixth edition in 15 years.

Olenick: "because, you know, introductory economics for two-year degree students has radically changed since the first edition was published in 2005."

The 6th edition will set you back $395.50.

How about the fifth edition? $126.32 (or $28.95 in paperback). That's new, not used. Why is the fifth marked down by $169.18? Because to use it in a classroom, you have to separately purchase a $115.24 "access code."

This is literally a textbook example of a distorted, monopolized market, maintained through grift. It isn't the only reason Americans have $1.7T in student debt, but it's a big part of it.

(Image: Inayaysad, CC BY)



Labor and large firms

The labor movement has a complicated relationship with monopolism. For a long time, economists (both right and left) documented the "large firm premium" – the higher wages that workers at big companies got as a share of the companies' high profits.

Concentrated industries can be easier to bargain with, since a strike at a dominant company can effectively shut down the whole industry, bringing all the firms around in one go. By contrast, strikes against small firms have few systemic effects.

But there's definitely a limit to this dynamic: once industries become sufficiently concentrated, they can skip the large firm wage premium and instead mobilize their monopoly profits to crush unions. That's been underway since the Reagan years.

In his newsletter, Brandon Magner offers a good example of how this plays out, courtesy of the Caterpillar-UAW 1990s labor dispute, in which Caterpillar – riding high on its monopolization of its market – refused the contract the UAW had just signed with John Deere.

https://brandonmagner.substack.com/p/labor-law-and-corporate-concentration

Caterpillar's monopoly gave it essentially unlimited funds to fight the UAW: it could shift production overseas, mothball or divert local production, and make it clear that the UAW's only future with Caterpillar was to take whatever crumbs Caterpillar offered.

Magner gives another example: the Teamsters' bid to organize Overnite Transportation, a historically rabid anti-union trucking shop that was purchased by the unionized Union Pacific company as part of a monopolistic acquisition spree.

Despite overwhelming early support by Overnite drivers for unionization drives, signing up 25% of the terminals in short order, the company's profits were so large that they could spend bottomlessly to delay subsequent votes.

A brutal three-year strike followed, ending with the Teamsters' surrender. They even gave up on terminals that had voted to join the union. Overnite – like Caterpillar – was too big to beat.

To these examples of how the large firm premium becomes a large firm penalty, I want to add the changes in how the creative guilds in Hollywood lost ground to the studios through monopolization.

The entertainment guilds are a legacy of the New Deal and its revitalization of labor consciousness. Whereas today, independent contractors who seek to form guilds are often punished as "anti-competitive cartels," in the 30s, this was par for the course for many workers.

For decades, guilds bargained as a group, dividing and conquering the studios. The writers, directors, actors, and other guilds would go to the weakest studio and bargain a (very good) contract for all of them. Then, they'd take this deal to the next studio, and the next.

But in 1982, the fractious and fractured Alliance of Motion Picture and Television Producers (the cartel that represented the studios) unified and – emboldened by Reagan's slaughter of the Air Traffic Controllers' union – pushed back hard.

They flipped the negotiations on their head. Today, it's the studios who negotiate as a body, and they pick off the guilds one at a time, starting with the weakest, wringing concessions, and then demanding the same from the rest.

Consolidation in the studios made this cartel possible, and kicked off more consolidation (today there are four major studios).

The worse things were, the worse they got. The consolidated studio system conspired with the consolidated talent agencies to accept far lower sums for creatives in exchange for bribes ("packaging fees") to the agencies.

Today, the Writers Guild is nearing (a bloody, hard-fought) victory with the agencies, nearly two years (!) after every guild member fired their agents over this conflict-of-interest.

https://pluralistic.net/2020/08/06/no-vitiated-air/#WME-CAA-next

But at the very same moment, the monopolistic studios – which have been allowed to acquire or create their own distribution channels and other elements of vertical monopolies – are squeezing talent even harder.

To take just one example: now that Disney exclusively distributes its catalog through Disney Plus, there are no more licensing fees of the sort that Disney would get from second-run movie houses, streaming services and TV networks.

But creatives' deals give them a share of these fees, and since the fees no longer exist, creatives are frozen out of the revenues from in-house streaming platforms. Disney gets 100% of the revenue from back-catalog on D+, and needn't share any of it with creatives.

Not just Disney: all the studios are creating their own streaming platforms, and so this is replicating across the field. The lesson is clear: the large-firm premium is dead. A fair deal for labor will not emerge from monopolized industries.



The power of procurements

The IoT Cybersecurity Act – passed both houses, awaiting presidential signature – is pretty good. It deputizes NIST to come up with standards that any IoT device purchased by the federal government must adhere to.

https://www.congress.gov/bill/116th-congress/house-bill/1668/text

NIST is charged with coming up with guidelines for "secure code, identity management, patching and configuration management" and the GSA has to coordinate vulnerability reporting and response across federal agencies.

https://www.theregister.com/2020/11/18/us_iot_security/

But for me, the most interesting part is the lever that the act pulls on to achieve its policy ends: procurement. Uncle Sam buys a lot of stuff, and when the USG refuses to buy substandard stuff, it puts bad vendors at a serious commercial disadvantage.

That means that bad vendors who want government contracts have to clean up their acts and make better products: not because the law requires them to, but because the government won't spend public money on lemons.

Imagine what administrative agencies (or Congress) can do with this: "No federal agency shall buy a vehicle unless it complies with a suite of comprehensive right-to-repair rules."

Or: "No DoE-funded school will buy ed-tech unless administrators can side-load apps and limit data-collection."

Or: "No US Agency shall communicate with the public on a social media platform unless that platform adheres to meaningful, opt-in consent for data collection."

This is the approach that many US states took after Trump FCC Chair Ajit Pai used a blatantly fraudulent process to dismantle Net Neutrality rules: they passed state laws banning state agencies from buying internet service from non-neutral ISPs.

None of this is about telling companies what to do: it's about getting the best possible deal for the public. It's the government living up to its responsibility to spend public money wisely.



Guatemala's guillotines

Guatemala is in bad shape – even by Guatemala's historically terrible standards, things are bad. Poverty, covid, and a hurricane have all slammed into each other, with poor and indigenous people caught in the crossfire.

But then Congress acted: they slashed human rights programs, judicial funding, and anti-malnutrition programs... and gave themselves a raise.

After public outrage, they reversed this, but it was too late.

https://www.aljazeera.com/news/2020/11/21/guatemala-protesters-torch-congress-as-simmering-anger-boils-over

The country is literally on fire, with protesters setting the Congressional building ablaze and erecting a guillotine on its steps.

Protesters have gone from demanding a change to the budget bill to demanding the resignation of the entire Congress and the president.

President Alejandro Giammattei has addressed these concerns…

…by publicly condemning vandalism.

(Image: Off Color Decals)



Someone Comes to Town part 24

This week on my podcast: part 24 of my serialized reading of "Someone Comes to Town, Someone Leaves Town," my 2006 novel that Gene Wolfe called "a glorious book unlike any book you’ve ever read."

https://craphound.com/podcast/2020/11/23/someone-comes-to-town-someone-leaves-town-part-24/

You can catch up on the other installments here:

https://craphound.com/podcast/?s=%22someone%20comes%22

and subscribe to my podcast feed here:

https://feeds.feedburner.com/doctorow_podcast

Here's a direct link to the MP3 (hosting courtesy of the Internet Archive; they'll host your stuff for free, forever, too!):

https://ia801406.us.archive.org/4/items/Cory_Doctorow_Podcast_369/Cory_Doctorow_Podcast_369_-_Someone_Comes_to_Town_Someone_Leaves_Town_024.mp3



This day in history

#10yrsago Machine of Death goes Creative Commons http://machineofdeath.net/ebook

#10yrsago TSA looks at Adam Savage’s junk, misses his two 12″ razor blades https://www.youtube.com/watch?v=q3yaqq9Jjb4

#5yrsago Blankets: New edition of Craig Thompson’s graphic masterpiece https://memex.craphound.com/2015/11/23/blankets-new-edition-of-craig-thompsons-graphic-masterpiece/

#5yrsago US cops seized more through asset forfeiture in 2014 than US criminals stole through burglary https://www.armstrongeconomics.com/international-news/north_america/americas-current-economy/police-civil-asset-forfeitures-exceed-all-burglaries-in-2014/

#1yrago Without right to repair, the military can’t fix its own battlefield equipment https://www.nytimes.com/2019/11/20/opinion/military-right-to-repair.html

#1yrago Indiana University Provost: The First Amendment says we can’t fire our notorious bigot professor, so here’s what we’re doing instead https://web.archive.org/web/20191121213955/https://provost.indiana.edu/statements/index.html

#1yrago Trump pledged that Amazon would be forced to pay its taxes; thanks to his #taxscam, their profits went up and their taxes stayed $0.00 https://finance.yahoo.com/news/amazon-taxes-zero-180337770.html

#1yrago Civil society groups protest the sale of .ORG to a private equity fund and a collection of Republican billionaires https://savedotorg.org/

#5yrsago What's inside a "Hello Barbie" surveillance toy? https://www.somersetrecon.com/blog/2015/11/20/hello-barbie-security-part-1-teardown



Colophon

Today's top sources: Noah Shifrin, Fipi Lele, Slashdot (https://slashdot.org/), Naked Capitalism (https://www.nakedcapitalism.com/).

Currently writing: My next novel, "The Lost Cause," a post-GND novel about truth and reconciliation. Friday's progress: 515 words (86836 total).

Currently reading: The Ministry for the Future, Kim Stanley Robinson

Latest podcast: Someone Comes to Town, Someone Leaves Town (part 23) https://craphound.com/podcast/2020/11/16/someone-comes-to-town-someone-leaves-town-part-23/

Upcoming appearances:

Recent appearances:

Latest book:


This work licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/web/accounts/303320

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

When life gives you SARS, you make sarsaparilla -Joey "Accordion Guy" DeVilla

1. Textbook pricing - 10 years at Leeds Uni, I didn't have to buy any textbooks. For one course there was required reading, but the library was stocked. For another course I'd not have passed without the library.

For one postgrad course the author of a textbook complained about the publisher and delegated us to proof-read the next edition :wink:

2. The purchasing power of Uncle Sam. This would work best if there's a sensible seal of approval, then ordinary consumers know whose sht stinks. Though my usual thought on properly auditing this applies: FOSS or GTFO. (I'm bitter about the security auditing a certain 4-letter-word claims to do at work.)
