An open letter to the U.S. Congress

Stop Elon Musk from stealing our personal information!

6,399 so far! Help us get to 10,000 signers!

I am writing to urge you to stop Elon Musk from stealing our personal information.

It appears Musk has hacked into millions of Americans’ personal information and now has access to their taxes, Social Security, student debt and financial aid filings. Musk's so-called Department of Government Efficiency was not created by Congress—it is operating with zero transparency and in clear violation of federal law.

This violation of our privacy is causing American families across the country to fear for our privacy, safety and dignity. If this goes unchecked, Musk could steal our private data to help in making cuts to vital government programs that our families depend on—and to make it easier to cut taxes for himself and other billionaires.

We must have guardrails to stop this unlawful invasion of privacy.

Congress and the Trump administration must stop Elon Musk from stealing Americans' tax and other private data.

▶ Created on February 10 by Jess Craven · 6,398 signers in the past 7 days

📱 Text SIGN PUTWGR to 50409

🤯 Text FOLLOW JESSCRAVEN101 to 50409

घिबली स्टाइल तस्वीरों का क्रेज: मस्ती के साथ छिपा है बड़ा खतरा! #News #HindiNews #IndiaNews #RightNewsIndia

The Alarming Rise of Impersonation Frauds in the K-Pop World: A Case Study on BTS

In recent times, the K-Pop community was shaken by a startling event that involved impersonation of the globally renowned BTS members. This article delves into the intricate details of the case, unraveling how a man in his 20s illegally acquired unreleased music tracks by masquerading as a BTS member, leading to significant legal repercussions. Furthermore, the occurrence of a separate fraud,…

View On WordPress

Cybersecurity: Follow 7 Best Practices to Protect Personal Data Now

Introduction:Recognizing the Need for Cybersecurity1. PasswordsUse Secure and Original PasswordsLength and ComplexityAvoid Using Personal InformationCreate a Unique Password for Each AccountPassword Manager2FA, or two-factor authentication2. Maintain Up-to-Date Software and EquipmentUpdates to the operating systemUpdates for web browsersAntivirus and security software updates3. Warning: Phishing…

View On WordPress

Shifting $677m from the banks to the people, every year, forever

I'll be in TUCSON, AZ from November 8-10: I'm the GUEST OF HONOR at the TUSCON SCIENCE FICTION CONVENTION.

"Switching costs" are one of the great underappreciated evils in our world: the more it costs you to change from one product or service to another, the worse the vendor, provider, or service you're using today can treat you without risking your business.

Businesses set out to keep switching costs as high as possible. Literally. Mark Zuckerberg's capos send him memos chortling about how Facebook's new photos feature will punish anyone who leaves for a rival service with the loss of all their family photos – meaning Zuck can torment those users for profit and they'll still stick around so long as the abuse is less bad than the loss of all their cherished memories:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

It's often hard to quantify switching costs. We can tell when they're high, say, if your landlord ties your internet service to your lease (splitting the profits with a shitty ISP that overcharges and underdelivers), the switching cost of getting a new internet provider is the cost of moving house. We can tell when they're low, too: you can switch from one podcatcher program to another just by exporting your list of subscriptions from the old one and importing it into the new one:

https://pluralistic.net/2024/10/16/keep-it-really-simple-stupid/#read-receipts-are-you-kidding-me-seriously-fuck-that-noise

But sometimes, economists can get a rough idea of the dollar value of high switching costs. For example, a group of economists working for the Consumer Finance Protection Bureau calculated that the hassle of changing banks is costing Americans at least $677m per year (see page 526):

https://files.consumerfinance.gov/f/documents/cfpb_personal-financial-data-rights-final-rule_2024-10.pdf

The CFPB economists used a very conservative methodology, so the number is likely higher, but let's stick with that figure for now. The switching costs of changing banks – determining which bank has the best deal for you, then transfering over your account histories, cards, payees, and automated bill payments – are costing everyday Americans more than half a billion dollars, every year.

Now, the CFPB wasn't gathering this data just to make you mad. They wanted to do something about all this money – to find a way to lower switching costs, and, in so doing, transfer all that money from bank shareholders and executives to the American public.

And that's just what they did. A newly finalized Personal Financial Data Rights rule will allow you to authorize third parties – other banks, comparison shopping sites, brokers, anyone who offers you a better deal, or help you find one – to request your account data from your bank. Your bank will be required to provide that data.

I loved this rule when they first proposed it:

https://pluralistic.net/2024/06/10/getting-things-done/#deliverism

And I like the final rule even better. They've really nailed this one, even down to the fine-grained details where interop wonks like me get very deep into the weeds. For example, a thorny problem with interop rules like this one is "who gets to decide how the interoperability works?" Where will the data-formats come from? How will we know they're fit for purpose?

This is a super-hard problem. If we put the monopolies whose power we're trying to undermine in charge of this, they can easily cheat by delivering data in uselessly obfuscated formats. For example, when I used California's privacy law to force Mailchimp to provide list of all the mailing lists I've been signed up for without my permission, they sent me thousands of folders containing more than 5,900 spreadsheets listing their internal serial numbers for the lists I'm on, with no way to find out what these lists are called or how to get off of them:

https://pluralistic.net/2024/07/22/degoogled/#kafka-as-a-service

So if we're not going to let the companies decide on data formats, who should be in charge of this? One possibility is to require the use of a standard, but again, which standard? We can ask a standards body to make a new standard, which they're often very good at, but not when the stakes are high like this. Standards bodies are very weak institutions that large companies are very good at capturing:

https://pluralistic.net/2023/04/30/weak-institutions/

Here's how the CFPB solved this: they listed out the characteristics of a good standards body, listed out the data types that the standard would have to encompass, and then told banks that so long as they used a standard from a good standards body that covered all the data-types, they'd be in the clear.

Once the rule is in effect, you'll be able to go to a comparison shopping site and authorize it to go to your bank for your transaction history, and then tell you which bank – out of all the banks in America – will pay you the most for your deposits and charge you the least for your debts. Then, after you open a new account, you can authorize the new bank to go back to your old bank and get all your data: payees, scheduled payments, payment history, all of it. Switching banks will be as easy as switching mobile phone carriers – just a few clicks and a few minutes' work to get your old number working on a phone with a new provider.

This will save Americans at least $677 million, every year. Which is to say, it will cost the banks at least $670 million every year.

Naturally, America's largest banks are suing to block the rule:

https://www.americanbanker.com/news/cfpbs-open-banking-rule-faces-suit-from-bank-policy-institute

Of course, the banks claim that they're only suing to protect you, and the $677m annual transfer from their investors to the public has nothing to do with it. The banks claim to be worried about bank-fraud, which is a real thing that we should be worried about. They say that an interoperability rule could make it easier for scammers to get at your data and even transfer your account to a sleazy fly-by-night operation without your consent. This is also true!

It is obviously true that a bad interop rule would be bad. But it doesn't follow that every interop rule is bad, or that it's impossible to make a good one. The CFPB has made a very good one.

For starters, you can't just authorize anyone to get your data. Eligible third parties have to meet stringent criteria and vetting. These third parties are only allowed to ask for the narrowest slice of your data needed to perform the task you've set for them. They aren't allowed to use that data for anything else, and as soon as they've finished, they must delete your data. You can also revoke their access to your data at any time, for any reason, with one click – none of this "call a customer service rep and wait on hold" nonsense.

What's more, if your bank has any doubts about a request for your data, they are empowered to (temporarily) refuse to provide it, until they confirm with you that everything is on the up-and-up.

I wrote about the lawsuit this week for @[email protected]'s Deeplinks blog:

https://www.eff.org/deeplinks/2024/10/no-matter-what-bank-says-its-your-money-your-data-and-your-choice

In that article, I point out the tedious, obvious ruses of securitywashing and privacywashing, where a company insists that its most abusive, exploitative, invasive conduct can't be challenged because that would expose their customers to security and privacy risks. This is such bullshit.

It's bullshit when printer companies say they can't let you use third party ink – for your own good:

https://arstechnica.com/gadgets/2024/01/hp-ceo-blocking-third-party-ink-from-printers-fights-viruses/

It's bullshit when car companies say they can't let you use third party mechanics – for your own good:

https://pluralistic.net/2020/09/03/rip-david-graeber/#rolling-surveillance-platforms

It's bullshit when Apple says they can't let you use third party app stores – for your own good:

https://www.eff.org/document/letter-bruce-schneier-senate-judiciary-regarding-app-store-security

It's bullshit when Facebook says you can't independently monitor the paid disinformation in your feed – for your own good:

https://pluralistic.net/2021/08/05/comprehensive-sex-ed/#quis-custodiet-ipsos-zuck

And it's bullshit when the banks say you can't change to a bank that charges you less, and pays you more – for your own good.

CFPB boss Rohit Chopra is part of a cohort of Biden enforcers who've hit upon a devastatingly effective tactic for fighting corporate power: they read the law and found out what they're allowed to do, and then did it:

https://pluralistic.net/2023/10/23/getting-stuff-done/#praxis

The CFPB was created in 2010 with the passage of the Consumer Financial Protection Act, which specifically empowers the CFPB to make this kind of data-sharing rule. Back when the CFPA was in Congress, the banks howled about this rule, whining that they were being forced to share their data with their competitors.

But your account data isn't your bank's data. It's your data. And the CFPB is gonna let you have it, and they're gonna save you and your fellow Americans at least $677m/year – forever.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/11/01/bankshot/#personal-financial-data-rights

It would be great if we had an equivalent to the Data Protection Act here in the USA.

Salamandra s. salamandra - Dunkelsteinerwald NÖ Austria

we saw three!! different fire salamanders on our morning walk

Tee Hee :]

I remember watching this with my dad when I still couldn't read. Fond memories! A little context for the last pic, my grandpa used to do this before we crossed the street. I just thought it'd be cute lol

Carole Cadwalladr - Broligarchs, AI, and a Techno-Authoritarian Surveillance State | The Daily Show

y'all i've been upset about nanowrimo's shenanigans since last year, when kids weren't safe, and now there's this AI shitshow, and i want to cry about it again, because nano has been SO IMPORTANT to me since 2008--it helped me hack my writing process and make a bunch of cool shit, and i've written so many stories i love using it as a jumping off point. but. we gotta protect kids, and we gotta get the fuck out of here with AI bullshit.

so. the decision i have come to is that i will still be participating in nano. but now it stands for "now a's [that's me] novel writing month." i'm still going to write a book in november, and i'm still going to shoot for the 1,667 words/day (even though my finished projects wind up way longer than that, invariably), because i've structured my creative life around this routine, but i won't be using their site any more.

i will also not be tagging my november project posts as nanowrimo, but i WILL still be tagging them as "nano[YEAR]" (because that's been my tagging system for untitled projects for uh. years.). and it's now a's novel writing month :)

This is not from my post originally (it's a popular post from about 5 days ago and ironically spreads a picture taken without consent). I've censored the original picture because this is a jumping off point for what happened to me on Sunday while at work.

So I was at work on the shop floor when a man came in facetiming someone. He was picking up books and showing them to the lady he was facetiming, who told him that those books weren't the ones she was looking for. The man then turns to me (I was behind the tills) and asks I've I've heard of [book name]. I hadn't and explained that I'd been stocking the bookshelves earlier and hadn't come across it while doing that. He then flips his phone around so that the facetime camera is pointing at me. I freak out internally because what the hell?? I'm at work and you didn't ask me to talk to whoever it is you're talking to.

Man walks around the tills, comes up to the threshold of the till area and shoves the camera closer to my face. Because of where I was stood, I physically could not walk away from the tills because there is a wall of books in my way. I would have had to jump over the counter to leave. Honestly the whole thing made me really uncomfortable and I deeply resent people who think it's okay to take pictures of or record people in public. Ask for permission first. And if you can't, don't! Especially don't corner someone and force them to facetime a complete stranger. It's not okay, even if you think it's lighthearted.

tl;dr: “The amazing thing is that they haven’t actually done anything constructive whatsoever. Literally all they’ve done is destroy things,” a current federal employee said of Doge. “People are going to miss the federal government that they had.”

Very long and comprehensive article.

Y'know, I like living in Europe...

But sometimes...

Sometimes...

I got a letter back from the hospital where I'll get the tumor removed. I assumed it was the recommendation of the Doctor. Okay, stress, fear, tears, thoughts like: fuck, I still need to make a will (because what if I am part of the 5% where things go wrong) and an advanced directive (because what if) and is my organ donor stuff up to date amd I need to clean my flat and repair my washing machine first and all...

And then I open it

AND BEFORE THEY CAN TAKE MY CASE ANY FURTHER THEY NEED MY SIGNATURE BECAUSE OF DATA PROTECTION

And... it makes sense... But it would have been nice to be told this when I phoned them and was told that I could 'just' send in my case data first, since the hospital is six hours away.

*tiny lizard screams*

At least I have now a list with to do stuff...

I actually have a fic idea but lc is a show that's like. you will never ever have all the information and context until the end. and I am a writer who writes best and more confidently when I have all the info and context at my fingertips. so now I'm just like 🧍‍♂️

anyway. ramble in the tags

An interoperability rule for your money

This is the final weekend to back the Kickstarter campaign for the audiobook of my next novel, The Lost Cause. These kickstarters are how I pay my bills, which lets me publish my free essays nearly every day. If you enjoy my work, please consider backing!

"If you don't like it, why don't you take your business elsewhere?" It's the motto of the corporate apologist, someone so Hayek-pilled that they see every purchase as a ballot cast in the only election that matters – the one where you vote with your wallet.

Voting with your wallet is a pretty undignified way to go through life. For one thing, the people with the thickest wallets get the most votes, and for another, no matter who you vote for in that election, the Monopoly Party always wins, because that's the part of the thick-wallet set.

Contrary to the just-so fantasies of Milton-Friedman-poisoned bootlickers, there are plenty of reasons that one might stick with a business that one dislikes – even one that actively harms you.

The biggest reason for staying with a bad company is if they've figured out a way to punish you for leaving. Businesses are keenly attuned to ways to impose switching costs on disloyal customers. "Switching costs" are all the things you have to give up when you take your business elsewhere.

Businesses love high switching costs – think of your gym forcing you to pay to cancel your subscription or Apple turning off your groupchat checkmark when you switch to Android. The more it costs you to move to a rival vendor, the worse your existing vendor can treat you without worrying about losing your business.

Capitalists genuinely hate capitalism. As the FBI informant Peter Thiel says, "competition is for losers." The ideal 21st century "market" is something like Amazon, a platform that gets 45-51 cents out of every dollar earned by its sellers. Sure, those sellers all compete with one another, but no matter who wins, Amazon gets a cut:

https://pluralistic.net/2023/09/28/cloudalists/#cloud-capital

Think of how Facebook keeps users glued to its platform by making the price of leaving cutting of contact with your friends, family, communities and customers. Facebook tells its customers – advertisers – that people who hate the platform stick around because Facebook is so good at manipulating its users (this is a good sales pitch for a company that sells ads!). But there's a far simpler explanation for peoples' continued willingness to let Mark Zuckerberg spy on them: they hate Zuck, but they love their friends, so they stay:

https://www.eff.org/deeplinks/2021/08/facebooks-secret-war-switching-costs

One of the most important ways that regulators can help the public is by reducing switching costs. The easier it is for you to leave a company, the more likely it is they'll treat you well, and if they don't, you can walk away from them. That's just what the Consumer Finance Protection Bureau wants to do with its new Personal Financial Data Rights rule:

https://www.consumerfinance.gov/about-us/newsroom/cfpb-proposes-rule-to-jumpstart-competition-and-accelerate-shift-to-open-banking/

The new rule is aimed at banks, some of the rottenest businesses around. Remember when Wells Fargo ripped off millions of its customers by ordering its tellers to open fake accounts in their name, firing and blacklisting tellers who refused to break the law?

https://www.npr.org/sections/money/2016/10/07/497084491/episode-728-the-wells-fargo-hustle

While there are alternatives to banks – local credit unions are great – a lot of us end up with a bank by default and then struggle to switch, even though the banks give us progressively worse service, collectively rip us off for billions in junk fees, and even defraud us. But because the banks keep our data locked up, it can be hard to shop for better alternatives. And if we do go elsewhere, we're stuck with hours of tedious clerical work to replicate all our account data, payees, digital wallets, etc.

That's where the new CFPB order comes in: the Bureau will force banks to "share data at the person’s direction with other companies offering better products." So if you tell your bank to give your data to a competitor – or a comparison shopping site – it will have to do so…or else.

Banks often claim that they block account migration and comparison shopping sites because they want to protect their customers from ripoff artists. There are certainly plenty of ripoff artists (notwithstanding that some of them run banks). But banks have an irreconcilable conflict of interest here: they might want to stop (other) con-artists from robbing you, but they also want to make leaving as painful as possible.

Instead of letting shareholder-accountable bank execs in back rooms decide what the people you share your financial data are allowed to do with it, the CFPB is shouldering that responsibility, shifting those deliberations to the public activities of a democratically accountable agency. Under the new rule, the businesses you connect to your account data will be "prohibited from misusing or wrongfully monetizing the sensitive personal financial data."

This is an approach that my EFF colleague Bennett Cyphers and I first laid our in our 2021 paper, "Privacy Without Monopoly," where we describe how and why we should shift determinations about who is and isn't allowed to get your data from giant, monopolistic tech companies to democratic institutions, based on privacy law, not corporate whim:

https://www.eff.org/wp/interoperability-and-privacy

The new CFPB rule is aimed squarely at reducing switching costs. As CFPB Director Rohit Chopra says, "Today, we are proposing a rule to give consumers the power to walk away from bad service and choose the financial institutions that offer the best products and prices."

The rule bans banks from charging their customers junk fees to access their data, and bans businesses you give that data to from "collecting, using, or retaining data to advance their own commercial interests through actions like targeted or behavioral advertising." It also guarantees you the unrestricted right to revoke access to your data.

The rule is intended to replace the current state-of-the-art for data sharing, which is giving your banking password to third parties who go and scrape that data on your behalf. This is a tactic that comparison sites and financial dashboards have used since 2006, when Mint pioneered it:

https://www.eff.org/deeplinks/2019/12/mint-late-stage-adversarial-interoperability-demonstrates-what-we-had-and-what-we

A lot's happened since 2006. It's past time for American bank customers to have the right to access and share their data, so they can leave rotten banks and go to better ones.

The new rule is made possible by Section 1033 of the Consumer Financial Protection Act, which was passed in 2010. Chopra is one of the many Biden administrative appointees who have acquainted themselves with all the powers they already have, and then used those powers to help the American people:

https://pluralistic.net/2022/10/18/administrative-competence/#i-know-stuff

It's pretty wild that the first digital interoperability mandate is going to come from the CFPB, but it's also really cool. As Tim Wu demonstrated in 2021 when he wrote Biden's Executive Order on Promoting Competition in the American Economy, the administrative agencies have sweeping, grossly underutilized powers that can make a huge difference to everyday Americans' lives:

https://www.eff.org/de/deeplinks/2021/08/party-its-1979-og-antitrust-back-baby

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/10/21/let-my-dollars-go/#personal-financial-data-rights

My next novel is The Lost Cause, a hopeful novel of the climate emergency. Amazon won't sell the audiobook, so I made my own and I'm pre-selling it on Kickstarter!

Image: Steve Morgan (modified) https://commons.wikimedia.org/wiki/File:U.S._National_Bank_Building_-_Portland,_Oregon.jpg

Stefan Kühn (modified) https://commons.wikimedia.org/wiki/File:Abrissbirne.jpg

CC BY-SA 3.0 https://creativecommons.org/licenses/by-sa/3.0/deed.en

 - 

Rhys A. (modified) https://www.flickr.com/photos/rhysasplundh/5201859761/in/photostream/

CC BY 2.0 https://creativecommons.org/licenses/by/2.0/