An open letter to the President & U.S. Congress

The DATA Act and the RESTRICT Act are un-American

518 so far! Help us get to 1,000 signers!

I'm alarmed by the Ban TikTok discussion & the RESTRICT Act. We're a democratic country with a First Amendment that guarantees free expression. How does banning a social media platform abide by that principle? Especially since the US government condemns authoritarian governments in other parts of the world for blocking US-based social networks. Examples:

When Nigeria banned Twitter for seven months in June 2021, the U.S. condemned it, reiterating its support for "the fundamental human right of free expression & access to information as a pillar of democracy."

Individuals responsible for the blocking of social media applications in Iran were condemned as "engaging in censorship activities that prohibit, limit, or penalize the exercise of freedom of expression or assembly by citizens of Iran."

When American digital platforms have been banned or severely restricted by governments--including the Chinese Communist Party, Pakistan, & Uganda--seeking to silence & obstruct the open flow of communication & information, the US calls these entities out for it. So why are we doing the same?

TikTok is a red herring. The DATA Act & the RESTRICT Act are very broad & could lead to other apps or communications services with connections to foreign countries being banned in the US. The stated intention is to target apps/services that pose a threat to national security; the way it's currently written raises serious human & civil rights concerns that should be far more important to you.

Caitlin Vogus says: "Any bill that would allow the US government to ban an online service that facilitates Americans' speech raises serious First Amendment concerns…" And those concerns will impact marginalized & oppressed people & groups more.

The "reasoning" behind Ban TikTok is not sound. The racist fearmongering around China is bad enough. Worse is the core of the argument -- data being collected & shared & used against people -- is a problem with ALL social media. Why isn't Congress focusing on that? The apps on your phone (Facebook, Messenger, Instagram, Twitter) are constantly monitoring you & sending information about you to data brokers. Info that can be easily tied to you as an individual despite claims that all the data is "anonymized".

Congress should be addressing the larger problem & not one social network. Restricting what data they can collect about users & forbidding them from selling that data will address the issue with TikTok, too.

I urge you to kill the DATA Act & the RESTRICT Act. They need to be tossed out & more measured legislation proposed in their place that addresses the foundational problems of social media apps & services & the data they collect & who they share it with & how they & other entities use that data.

I know that's not as easy or sexy as Ban TikTok! It does address our Constitutional right to assemble & free expression. That's far more important than knee-jerk reactions & bandwagon jumping.

▶ Created on March 31, 2023 by K T

Text SIGN PNSIMC to 50409

When a correct phone number for me is still very much the wrong number

It's especially annoying to get a PR pitch on the cell phone number that I strive to keep private when I go out of my way to make my work contact info publicly findable.

Cold-called PR pitches are a bad idea that the PR industry can’t seem to let go, but the publicist who called me Tuesday morning managed to transcend the usual problems with that concept–as in, who among us even answers a call from a strange number?–by calling me at the wrong number. No, not some other person’s digits: the actual cell number I’ve had since 2000, which I do not use that for…

View On WordPress

152 Media

Privacy policy

Exercise your rights by emailing [email protected]

Ad-tech targeting is an existential threat

I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me TORONTO on SUNDAY (Feb 23) at Another Story Books, and in NYC on WEDNESDAY (26 Feb) with JOHN HODGMAN. More tour dates here.

The commercial surveillance industry is almost totally unregulated. Data brokers, ad-tech, and everyone in between – they harvest, store, analyze, sell and rent every intimate, sensitive, potentially compromising fact about your life.

Late last year, I testified at a Consumer Finance Protection Bureau hearing about a proposed new rule to kill off data brokers, who are the lynchpin of the industry:

https://pluralistic.net/2023/08/16/the-second-best-time-is-now/#the-point-of-a-system-is-what-it-does

The other witnesses were fascinating – and chilling, There was a lawyer from the AARP who explained how data-brokers would let you target ads to categories like "seniors with dementia." Then there was someone from the Pentagon, discussing how anyone could do an ad-buy targeting "people enlisted in the armed forces who have gambling problems." Sure, I thought, and you don't even need these explicit categories: if you served an ad to "people 25-40 with Ivy League/Big Ten law or political science degrees within 5 miles of Congress," you could serve an ad with a malicious payload to every Congressional staffer.

Now, that's just the data brokers. The real action is in ad-tech, a sector dominated by two giant companies, Meta and Google. These companies claim that they are better than the unregulated data-broker cowboys at the bottom of the food-chain. They say they're responsible wielders of unregulated monopoly surveillance power. Reader, they are not.

Meta has been repeatedly caught offering ad-targeting like "depressed teenagers" (great for your next incel recruiting drive):

https://www.technologyreview.com/2017/05/01/105987/is-facebook-targeting-ads-at-sad-teens/

And Google? They just keep on getting caught with both hands in the creepy commercial surveillance cookie-jar. Today, Wired's Dell Cameron and Dhruv Mehrotra report on a way to use Google to target people with chronic illnesses, people in financial distress, and national security "decision makers":

https://www.wired.com/story/google-dv360-banned-audience-segments-national-security/

Google doesn't offer these categories itself, they just allow data-brokers to assemble them and offer them for sale via Google. Just as it's possible to generate a target of "Congressional staffers" by using location and education data, it's possible to target people with chronic illnesses based on things like whether they regularly travel to clinics that treat HIV, asthma, chronic pain, etc.

Google claims that this violates their policies, and that they have best-of-breed technical measures to prevent this from happening, but when Wired asked how this data-broker was able to sell these audiences – including people in menopause, or with "chronic pain, fibromyalgia, psoriasis, arthritis, high cholesterol, and hypertension" – Google did not reply.

The data broker in the report also sold access to people based on which medications they took (including Ambien), people who abuse opioids or are recovering from opioid addiction, people with endocrine disorders, and "contractors with access to restricted US defense-related technologies."

It's easy to see how these categories could enable blackmail, spear-phishing, scams, malvertising, and many other crimes that threaten individuals, groups, and the nation as a whole. The US Office of Naval Intelligence has already published details of how "anonymous" people targeted by ads can be identified:

https://www.odni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf

The most amazing part is how the 33,000 targeting segments came to public light: an activist just pretended to be an ad buyer, and the data-broker sent him the whole package, no questions asked. Johnny Ryan is a brilliant Irish privacy activist with the Irish Council for Civil Liberties. He created a fake data analytics website for a company that wasn't registered anywhere, then sent out a sales query to a brokerage (the brokerage isn't identified in the piece, to prevent bad actors from using it to attack targeted categories of people).

Foreign states, including China – a favorite boogeyman of the US national security establishment – can buy Google's data and target users based on Google ad-tech stack. In the past, Chinese spies have used malvertising – serving targeted ads loaded with malware – to attack their adversaries. Chinese firms spend billions every year to target ads to Americans:

https://www.nytimes.com/2024/03/06/business/google-meta-temu-shein.html

Google and Meta have no meaningful checks to prevent anyone from establishing a shell company that buys and targets ads with their services, and the data-brokers that feed into those services are even less well-protected against fraud and other malicious act.

All of this is only possible because Congress has failed to act on privacy since 1988. That's the year that Congress passed the Video Privacy Protection Act, which bans video store clerks from telling the newspapers which VHS cassettes you have at home. That's also the last time Congress passed a federal consumer privacy law:

https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act

The legislative history of the VPPA is telling: it was passed after a newspaper published the leaked video-rental history of a far-right judge named Robert Bork, whom Reagan hoped to elevate to the Supreme Court. Bork failed his Senate confirmation hearings, but not because of his video rentals (he actually had pretty good taste in movies). Rather, it was because he was a Nixonite criminal and virulent loudmouth racist whose record was strewn with the most disgusting nonsense imaginable).

But the leak of Bork's video-rental history gave Congress the cold grue. His video rental history wasn't embarrassing, but it sure seemed like Congress had some stuff in its video-rental records that they didn't want voters finding out about. They beat all land-speed records in making it a crime to tell anyone what kind of movies they (and we) were watching.

And that was it. For 37 years, Congress has completely failed to pass another consumer privacy law. Which is how we got here – to this moment where you can target ads to suicidal teens, gambling addicted soldiers in Minuteman silos, grannies with Alzheimer's, and every Congressional staffer on the Hill.

Some people think the problem with mass surveillance is a kind of machine-driven, automated mind-control ray. They believe the self-aggrandizing claims of tech bros to have finally perfected the elusive mind-control ray, using big data and machine learning.

But you don't need to accept these outlandish claims – which come from Big Tech's sales literature, wherein they boast to potential advertisers that surveillance ads are devastatingly effective – to understand how and why this is harmful. If you're struggling with opioid addiction and I target an ad to you for a fake cure or rehab center, I haven't brainwashed you – I've just tricked you. We don't have to believe in mind-control to believe that targeted lies can cause unlimited harms.

And those harms are indeed grave. Stein's Law predicts that "anything that can't go on forever eventually stops." Congress's failure on privacy has put us all at risk – including Congress. It's only a matter of time until the commercial surveillance industry is responsible for a massive leak, targeted phishing campaign, or a ghastly national security incident involving Congress. Perhaps then we will get action.

In the meantime, the coalition of people whose problems can be blamed on the failure to update privacy law continues to grow. That coalition includes protesters whose identities were served up to cops, teenagers who were tracked to out-of-state abortion clinics, people of color who were discriminated against in hiring and lending, and anyone who's been harassed with deepfake porn:

https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/02/20/privacy-first-second-third/#malvertising

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

So I was watching this video and it got me thinking. I've heard before that it's impossible these days to not be tracked at all, so it's more effective to poison the well; give tons of bad data so that any accurate data is unusable. I'm surprised, then, that I haven't seen any services like incogni that at least claim to do something like that, given that—unlike what these data protection companies currently do—that could actually be effective. Has anyone heard of any service that does that?

I hate how people who actually like Discord now say that they do not care about their data anymore.

Because your favorite app never was interested in you and you cannot cope with that, you just go "I never cared anyways"

That's a fucking lie. That's what Data brokers try to tell you while they CONTINUE to sell your data! You can't just say that!

Please please, as a User you have the right to keep your data protected! You can tell ANY app to delete your data! You have the right!

"It's just my Data"; It's your LIVELIHOOD. THAT'S YOUR PHONE NUMBER, YOUR EMAIL ADDRESS, YOUR BIRTHDAY, YOUR FRIENDS, YOUR FAMILY, YOUR WORK, YOUR FACE. PLEASE, PLEASE CARE ABOUT YOUR DATA AND YOUR RIGHTS!!!

- sincerely, a crying IT guy

.

Law enforcement’s ability to track and profile political protestors has become increasingly multifaceted and technology driven.

In this edition of Incognito Mode WIRED Senior Editor, Security & Investigations Andrew Couts and WIRED Senior Writer Lily Hay Newman discuss the technologies used by law enforcement that put citizens' privacy at risk—and how to avoid them.

Feeling an acute sense of loss as friends willingly allow their brains to turn to mush through GenAI and algorithmic manipulation.

I work in strategic comms and maintaining cognitive autonomy is a core imperative for me. And not just because of my work - I'm not formally trained in comms I just defaulted into it after art school because it suits how my brain works. "Strategic" was added as my work matured because guess what I'm very fucking good at it.

What I'm watching all around me is a sickening surrender. A horrific cognitive erosion. The end result, which will be almost impossible to detangle, is a fundamental loss of free will. People I thought were aware are flippantly trading their agency and cognitive skills for the novelty of "magic robot talks to me!". I'm over here sending up warning flags, trying not to sound crazy, and it already feels too late.

I started a staff thread at work trying to temper the AI "lunch n learns" that were essentially just big marketing pushes presented by a nonprofit entirely funded by GenAI's largest stakeholders and was directed to move the information into a folder and add whatever I found there. No one is gonna look at it there, the conversation was nipped.

So yeah I'm returning to my flower business. It's a retreat for me but also a space where others can reconnect with what is real. An acre of gardens, hands-on engagement, phones-away processing. Waving red flags isn't working, so I'm going to focus on how it feels to touch, see, smell and breathe. Flowers as a teensy lifeboat for those who care to remember.

Loophole In Federal Law Enables Government Agencies To Buy data Gathered From Your Cellphone

Local, state, and federal law enforcement agencies have turned to buying data about Americans directly from data brokers.

View On WordPress

This is terrifying!

Trading is about timing. If you don’t understand what cycle the market is in, when to identify manipulation and when to target that manipulation - you’re never going to see this setup.

Each previous market session gives us vital clues on what we’re looking for and when to look for it.

For more join us .

Laliga

Privacy policy

Data Protection Officer: [email protected]

Email [email protected] to exercise your privacy rights if you believe they may have your data.

This may be a connected service. Check for "LALIGA Ecosistema" on Google and Facebook. As long as it is still connected, it can still access and use your data.

They were warned

Picks and Shovels is a new, standalone technothriller starring Marty Hench, my two-fisted, hard-fighting, tech-scam-busting forensic accountant. You can pre-order it on my latest Kickstarter, which features a brilliant audiobook read by Wil Wheaton.

Truth is provisional! Sometimes, the things we understand to be true about the world change, and stuff we've "always done" has to change, too. There comes a day when the evidence against using radium suppositories is overwhelming, and then you really must dig that radium out of your colon and safely dispose of it:

https://pluralistic.net/2024/09/19/just-stop-putting-that-up-your-ass/#harm-reduction

So it's natural and right that in the world, there will be people who want to revisit the received wisdom and best practices for how we live our lives, regulate our economy, and organize our society. But not a license to simply throw out the systems we rely on. Sure, maybe they're outdated or unnecessary, but maybe not. That's where "Chesterton's Fence" comes in:

Let us say, for the sake of simplicity, a fence or gate erected across a road. The more modern type of reformer goes gaily up to it and says, "I don't see the use of this; let us clear it away." To which the more intelligent type of reformer will do well to answer: "If you don't see the use of it, I certainly won't let you clear it away. Go away and think. Then, when you can come back and tell me that you do see the use of it, I may allow you to destroy it."

https://en.wikipedia.org/wiki/G._K._Chesterton#Chesterton's_fence

In other words, it's not enough to say, "This principle gets in the way of something I want to do, so let's throw it out because I'm pretty sure the inconvenience I'm experiencing is worse than the consequences of doing away with this principle." You need to have a theory of how you will prevent the harms the principle protects us from once you tear it down. That theory can be "the harms are imaginary" so it doesn't matter. Like, if you get rid of all the measures that defend us from hexes placed by evil witches, it's OK to say, "This is safe because evil witches aren't real and neither are hexes."

But you'd better be sure! After all, some preventative measures work so well that no living person has experienced the harms they guard us against. It's easy to mistake these for imaginary or exaggerated. Think of the antivaxers who are ideologically committed to a world in which human beings do not have a shared destiny, meaning that no one has a moral claim over the choices you make. Motivated reasoning lets those people rationalize their way into imagining that measles – a deadly and ferociously contagious disease that was a scourge for millennia until we all but extinguished it – was no big deal:

https://en.wikipedia.org/wiki/Measles:_A_Dangerous_Illness

There's nothing wrong with asking whether longstanding health measures need to be carried on, or whether they can be sunset. But antivaxers' sloppy, reckless reasoning about contagious disease is inexcusable. They were warned, repeatedly, about the mass death and widespread lifelong disability that would follow from their pursuit of an ideological commitment to living as though their decisions have no effect on others. They pressed ahead anyway, inventing ever-more fanciful reasons why health is a purely private matter, and why "public health" was either a myth or a Communist conspiracy:

https://www.conspirituality.net/episodes/brief-vinay-prasad-pick-me-campaign

When RFK Jr kills your kids with measles or permanently disables them with polio, he doesn't get to say "I was just inquiring as to the efficacy of a longstanding measure, as is right and proper." He was told why the vaccine fence was there, and he came up with objectively very stupid reasons why that didn't matter, and then he killed your kids. He was warned.

Fuck that guy.

Or take Bill Clinton. From 1933 until 1999, American banks were regulated under the Glass-Steagall Act, which "structurally separated" them. Under structural separation, a "retail bank" – the bank that holds your savings and mortgage and provides you with a checkbook – could not be "investment bank." That meant it couldn't own or invest in businesses that competed with the businesses its depositors and borrowers ran. It couldn't get into other lines of business, either, like insurance underwriting.

Glass-Steagall was a fence that stood between retail banks and the casino economy. It was there for a fucking great reason: the failure to structurally separate banks allowed them to act like casinos, inflating a giant market bubble that popped on Black Friday in October 1929, kicking off the Great Depression. Congress built the structural separation fence to keep banks from doing it again.

In the 1990s, Bill Clinton agitated for getting rid of Glass-Steagall. He argued that new economic controls would allow the government to prevent another giant bubble and crash. This time, the banks would behave themselves. After all, hadn't they demonstrated their prudence for seven decades?

In fact, they hadn't. Every time banks figured out how to slip out of regulatory constraints they inflated another huge bubble, leading to another massive crash that made the rich obscenely richer and destroyed ordinary savers' lives. Clinton took office just as one of these finance-sector bombs – the S&L Crisis – was detonating. Clinton had no basis – apart from wishful thinking – to believe that deregulating banks would lead to anything but another gigantic crash.

But Clinton let his self interest – in presiding over a sugar-high economic expansion driven by deregulation – overrule his prudence (about the crash that would follow). Sure enough, in the last months of Clinton's presidency, the stock market imploded with the March 2000 dot-bomb. And because Congress learned nothing from the dot-com crash and declined to restore the Glass-Steagall fence, the crash led to another bubble, this time in subprime mortgages, and then, inevitably, we suffered the Great Financial Crisis.

Look: there's no virtue in having bank regulations for the sake of having them. It is conceptually possible for bank regulations to be useless or even harmful. There's nothing wrong with investigating whether the 70-year old Glass-Steagall Act was still needed in 1999. But Clinton was provided with a mountain of evidence about why Glass-Steagall was the only thing standing between Americans and economic chaos, including the evidence of the S&L Crisis, which was still underway when he took office, and he ignored all of them. If you lost everything – your home, your savings, your pension – in the dot-bomb or the Great Financial Crisis, Bill Clinton is to blame. He was warned. he ignored the warnings.

Fuck that guy.

No, seriously, fuck Bill Clinton. Deregulating banks wasn't Clinton's only passion. He also wanted to ban working cryptography. The cornerstone of Clinton's tech policy was the "Clipper Chip," a backdoored encryption chip that, by law, every technology was supposed to use. If Clipper had gone into effect, then cops, spooks, and anyone who could suborn, bribe, or trick a cop or a spook could break into any computer, server, mobile device, or embedded system in America.

When Clinton was told – over and over, in small, easy-to-understand words – that there was no way to make a security system that only worked when "bad guys" tried to break into it, but collapsed immediately if a "good guy" wanted to bypass it. We explained to him – oh, how we explained to him! – that working encryption would be all that stood between your pacemaker's firmware and a malicious update that killed you where you stood; all that stood between your antilock brakes' firmware and a malicious update that sent you careening off a cliff; all that stood between businesses and corporate espionage, all that stood between America and foreign state adversaries wanting to learn its secrets.

In response, Clinton said the same thing that all of his successors in the Crypto Wars have said: NERD HARDER! Just figure it out. Cops need to look at bad guys' phones, so you need to figure out how to make encryption that keeps teenagers safe from sextortionists, but melts away the second a cop tries to unlock a suspect's phone. Take Malcolm Turnbull, the former Australian Prime Minister. When he was told that the laws of mathematics dictated that it was impossible to build selectively effective encryption of the sort he was demanding, he replied, "The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia":

https://www.eff.org/deeplinks/2017/07/australian-pm-calls-end-end-encryption-ban-says-laws-mathematics-dont-apply-down

Fuck that guy. Fuck Bill Clinton. Fuck a succession of UK Prime Ministers who have repeatedly attempted to ban working encryption. Fuck 'em all. The stakes here are obscenely high. They have been warned, and all they say in response is "NERD HARDER!"

https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/

Now, of course, "crypto means cryptography," but the other crypto – cryptocurrency – deserves a look-in here. Cryptocurrency proponents advocate for a system of deregulated money creation, AKA "wildcat currencies." They say, variously, that central banks are no longer needed; or that we never needed central banks to regulate the money supply. Let's take away that fence. Why not? It's not fit for purpose today, and maybe it never was.

Why do we have central banks? The Fed – which is far from a perfect institution and could use substantial reform or even replacement – was created because the age of wildcat currencies was a nightmare. Wildcat currencies created wild economic swings, massive booms and even bigger busts. Wildcat currencies are the reason that abandoned haunted mansions feature so heavily in the American imagination: American towns and cities were dotted with giant mansions built by financiers who'd grown rich as bubbles expanded, then lost it all after the crash.

Prudent management of the money supply didn't end those booms and busts, but it substantially dampened them, ending the so-called "business cycle" that once terrorized Americans, destroying their towns and livelihoods and wiping out their savings.

It shouldn't surprise us that a new wildcat money sector, flogging "decentralized" cryptocurrencies (that they are nevertheless weirdly anxious to swap for your gross, boring old "fiat" money) has created a series of massive booms and busts, with insiders getting richer and richer, and retail investors losing everything.

If there was ever any doubt about whether wildcat currencies could be made safe by putting them on a blockchain, it is gone. Wildcat currencies are as dangerous today as they were in the 18th and 19th century – only moreso, since this new bad paper relies on the endless consumption of whole rainforests' worth of carbon, endangering not just our economy, but also the habitability of the planet Earth.

And nevertheless, the Trump administration is promising a new crypto golden age (or, ahem, a Gilded Age). And there are plenty of Democrats who continue to throw in with the rotten, corrupt crypto industry, which flushed billions into the 2024 election to bring Trump to office. The result is absolutely going to be more massive bubbles and life-destroying implosions. Fuck those guys. They were warned, and they did it anyway.

Speaking of the climate emergency: greetings from smoky Los Angeles! My city's on fire. This was not an unforeseeable disaster. Malibu is the most on-fire place in the world:

https://longreads.com/2018/12/04/the-case-for-letting-malibu-burn/

Since 1919, the region has been managed on the basis of "total fire suppression." This policy continued long after science showed that this creates "fire debt" in the form of accumulated fuel. The longer you go between fires, the hotter and more destructive those fires become, and the relationship is nonlinear. A 50-year fire isn't 250% more intense than a 20-year fire: it's 50,000% more intense.

Despite this, California has invested peanuts in regular controlled burns, which has created biennial uncontrolled burns – wildfires that cost thousands of times more than any controlled burn.

Speaking of underinvestment: PG&E has spent decades extracting dividends for its investors and bonuses for its execs, while engaging in near-total neglect of maintenance of its high-voltage transmission lines. Even with normal winds, these lines routinely fall down and start blazes.

But we don't have normal winds. The climate emergency has been steadily worsening for decades. LA is just the latest place to be on fire, or under water, or under ice, or baking in wet bulb temperatures. Last week in southern California, we were warned to expect gusts of 120mph.

They were warned. #ExxonKnew: in the early 1970s, Exxon's own scientists warned them that fossil fuel consumption would kick off climate change so drastic that it would endanger human civilzation. Exxon responded by burying the reports and investing in climate denial:

https://exxonknew.org/

They were warned! Warned about fire debt. Warned about transmission lines. Warned about climate change. And specific, named people, who individually had the power to heed these warnings and stave off disaster, ignored the warnings. They didn't make honest mistakes, either: they ignored the warnings because doing so made them extraordinarily, disgustingly rich. They used this money to create dynastic fortunes, and have created entire lineages of ultra-wealthy princelings in $900,000 watches who owe it all to our suffering and impending dooml

Fuck those guys. Fuck 'em all.

We've had so many missed opportunities, chances to make good policy or at least not make bad policy. The enshitternet didn't happen on its own. It was the foreseeable result of choices – again, choices made by named individuals who became very wealthy by ignoring the warnings all around them.

Let's go back to Bill Clinton, because more than anyone else, Clinton presided over some terrible technology regulations. In 1998, Clinton signed the Digital Millennium Copyright Act, a bill championed by Barney Frank (fuck that guy, too). Under Section 1201 of the Digital Millennium Copyright Act, it's a felony, punishable by a five year prison sentence, and a $500,000 fine, to tamper with a "digital lock."

That means that if HP uses a digital lock to prevent you from using third-party ink, it's a literal crime to bypass that lock. Which is why HP ink now costs $10,000/gallon, and why you print your shopping lists with colored water that costs more, ounce for ounce, than the sperm of a Kentucky Derby winner:

https://pluralistic.net/2024/09/30/life-finds-a-way/#ink-stained-wretches

Clinton was warned that DMCA 1201 would soon metastasize into every kind of device – not just the games consoles and DVD players where it was first used, but medical implants, tractors, cars, home appliances – anything you could put a microchip into (Jay Freeman calls this "felony contempt of business-model"):

https://pluralistic.net/2023/07/24/rent-to-pwn/#kitt-is-a-demon

He ignored those warnings and signed the DMCA anyway (fuck that guy). Then, under Bush (fuck that guy), the US Trade Representative went all around the world demanding that America's trading partners adopt versions of this law (fuck that guy). In 2001, the European Parliament capitulated, enacting the EU Copyright Directive, whose Article 6 is a copy-paste of DMCA 1201 (fuck all those people).

Fast forward 20 years, and boy is there a lot of shit with microchips that can be boobytrapped with rent-extracting logic bombs that are illegal to research, describe, or disable.

Like choo-choo trains.

Last year, the Polish hacking group Dragon Sector was contacted by a public sector train company whose Newag trains kept going out of service. The operator suspected that Newag had boobytrapped the trains to punish the train company for getting its maintenance from a third-party contractor. When Dragon Sector investigated, they discovered that Newag had indeed riddled the trains' firmware with boobytraps. Trains that were taken to locations known to have third-party maintenance workshops were immediately bricked (hilariously, this bomb would detonate if trains just passed through stations near to these workshops, which is why another train company had to remove all the GPSes from its trains – they kept slamming to a halt when they approached a station near a third-party workshop). But Newag's logic bombs would brick trains for all kinds of reasons – merely keeping a train stationary for too many days would result in its being bricked. Installing a third-party component in a locomotive would also trigger a bomb, bricking the train.

In their talk at last year's Chaos Communications Congress, the Dragon Sector folks describe how they have been legally terrorized by Newag, which has repeatedly sued them for violating its "intellectual property" by revealing its sleazy, corrupt business practices. They also note that Newag continues to sell lots of trains in Poland, despite the widespread knowledge of its dirty business model, because public train operators are bound by procurement rules, and as long as Newag is the cheapest bidder, they get the contract:

https://media.ccc.de/v/38c3-we-ve-not-been-trained-for-this-life-after-the-newag-drm-disclosure

The laws that let Newag make millions off a nakedly corrupt enterprise – and put the individuals who blew the whistle on it at risk of losing everything – were passed by Members of the European Parliament who were warned that this would happen, and they ignored those warnings, and now it's happening. Fuck those people, every one of 'em.

It's not just European parliamentarians who ignored warnings and did the bidding of the US Trade Representative, enacting laws that banned tampering with digital locks. In 2010, two Canadian Conservative Party ministers in the Stephen Harper government brought forward similar legislation. These ministers, Tony Clement (now a disgraced sex-pest and PPE grifter) and James Moore (today, a sleazeball white-shoe corporate lawyer), held a consultation on this proposal.

6, 138 people wrote in to say, "Don't do this, it will be hugely destructive." 54 respondents wrote in support of it. Clement and Moore threw out the 6,138 opposing comments. Moore explained why: these were the "babyish" responses of "radical extremists." The law passed in 2012.

Last year, the Canadian Parliament passed bills guaranteeing Canadians the Right to Repair and the right to interoperability. But Canadians can't act on either of these laws, because they would have to tamper with a digital lock to do so, and that's illegal, thanks to Tony Clement and James Moore. Who were warned. And who ignored those warnings. Fuck those guys:

https://pluralistic.net/2024/11/15/radical-extremists/#sex-pest

Back in the 1990s, Bill Clinton had a ton of proposals for regulating the internet, but nowhere among those proposals will you find a consumer privacy law. The last time an American president signed a consumer privacy law was 1988, when Reagan signed the Video Privacy Protection Act and ensured that Americans would never have to worry that video-store clerks where telling the newspapers what VHS cassettes they took home.

In the years since, Congress has enacted exactly zero consumer privacy laws. None. This has allowed the out-of-control, unregulated data broker sector to metastasize into a cancer on the American people. This is an industry that fuels stalkers, discriminatory financial and hiring algorithms, and an ad-tech sector that lets advertisers target categories like "teenagers with depression," "seniors with dementia" and "armed service personnel with gambling addictions."

When the people cry out for privacy protections, Congress – and the surveillance industry shills that fund them – say we don't need a privacy law. The market will solve this problem. People are selling their privacy willingly, and it would be an "undue interference in the market" if we took away your "freedom to contract" by barring companies from spying on you after you clicked the "I agree" button.

These people have been repeatedly warned about the severe dangers to the American public – as workers, as citizens, as community members, and as consumers – from the national privacy free-for-all, and have done nothing. Fuck them, every one:

https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy

Now, even a stopped clock is right twice a day, and not every one of Bill Clinton's internet policies was terrible. He had exactly one great policy, and, ironically, that's the one there's the most energy for dismantling. That policy is Section 230 of the Communications Decency Act (a law that was otherwise such a dumpster fire that the courts struck it down). Chances are, you have been systematically misled about the history, use, and language of Section 230, which is wild, because it's exactly 26 words long and fits in a single tweet:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

Section 230 was passed because when companies were held liable for their users' speech, they "solved" this problem by just blocking every controversial thing a user said. Without Section 230, there would be no Black Lives Matter, no #MeToo – no online spaces where the powerful were held to account. Meanwhile, rich and powerful people would continue to enjoy online platforms where they and their bootlickers could pump out the most grotesque nonsense imaginable, either because they owned those platforms (ahem, Twitter and Truth Social) or because rich and powerful people can afford the professional advice needed to navigate the content-moderation bureaucracies of large systems.

We know exactly what the internet looks like when platforms are civilly liable for their users' speech: it's an internet where marginalized and powerless people are silenced, and where the people who've got a boot on their throats are the only voices you can hear:

https://www.techdirt.com/2020/06/23/hello-youve-been-referred-here-because-youre-wrong-about-section-230-communications-decency-act/

The evidence for this isn't limited to the era of AOL and Prodigy. In 2018, Trump signed SESTA/FOSTA, a law that held platforms liable for "sex trafficking." Advocates for this law – like Ashton Kutcher, who campaigns against sexual assault unless it involves one of his friends, in which case he petitions the judge for leniency – were warned that it would be used to shut down all consensual sex work online, making sex workers's lives much more dangerous. This warnings were immediately borne out, and they have been repeatedly borne out every month since. Killing CDA 230 for sex work brought back pimping, exposed sex workers to grave threats to their personal safety, and made them much poorer:

https://decriminalizesex.work/advocacy/sesta-fosta/what-is-sesta-fosta/

It also pushed sex trafficking and other nonconsensual sex into privateforums that are much harder for law enforcement to monitor and intervene in, making it that much harder to catch sex traffickers:

https://cdt.org/insights/its-all-downsides-hybrid-fosta-sesta-hinders-law-enforcement-hurts-victims-and-speakers/

This is exactly what SESTA/FOSTA's advocates were warned of. They were warned. They did it anyway. Fuck those people.

Maybe you have a theory about how platforms can be held civilly liable for their users' speech without harming marginalized people in exactly the way that SESTA/FOSTA, it had better amount to more than "platforms are evil monopolists and CDA 230 makes their lives easier." Yes, they're evil monopolists. Yes, 230 makes their lives easier. But without 230, small forums – private message boards, Mastodon servers, Bluesky, etc – couldn't possibly operate.

There's a reason Mark Zuckerberg wants to kill CDA 230, and it's not because he wants to send Facebook to the digital graveyard. Zuck knows that FB can operate in a post-230 world by automating the deletion of all controversial speech, and he knows that small services that might "disrupt" Facebook's hegemony would be immediately extinguished by eliminating 230:

https://www.nbcnews.com/tech/tech-news/zuckerberg-calls-changes-techs-section-230-protections-rcna486

It's depressing to see so many comrades in the fight against Big Tech getting suckered into carrying water for Zuck, demanding the eradication of CDA 230. Please, I beg you: look at the evidence for what happens when you remove that fence. Heed the warnings. Don't be like Bill Clinton, or California fire suppression officials, or James Moore and Tony Clement, or the European Parliament, or the US Trade Rep, or cryptocurrency freaks, or Malcolm Turnbull.

Or Ashton fucking Kutcher.

Because, you know, fuck those guys.

Check out my Kickstarter to pre-order copies of my next novel, Picks and Shovels!

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/01/13/wanting-it-badly/#is-not-enough

Today, Mozilla Monitor (previously called Firefox Monitor), a free service that notifies you when your email has been part of a breach, announced its new paid subscription service offering: automatic data removal and continuous monitoring of your exposed personal information.

On your behalf, Mozilla Monitor will start with data removal requests, then scan every month to make sure your personal information stays off data broker sites. Monitor Plus will let you know once your personal information has been removed from more than 190+ data broker sites.