Tesla accused of hacking odometers to weasel out of warrantyĀ repairs
I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me at NEW ZEALAND'S UNITY BOOKS in AUCKLAND on May 2, and in WELLINGTON on May 3. More tour dates (Pittsburgh, PDX, London, Manchester) here.
A lawsuit filed in February accuses Tesla of remotely altering odometer values on failure-prone cars, in a bid to push these lemons beyond the 50,000 mile warranty limit:
The suit was filed by a California driver who bought a used Tesla with 36,772 miles on it. The car's suspension kept failing, necessitating multiple servicings, and that was when the plaintiff noticed that the odometer readings for his identical daily drive were going up by ever-larger increments. This wasn't exactly subtle: he was driving 20 miles per day, but the odometer was clocking 72.35 miles/day. Still, how many of us monitor our daily odometer readings?
In short order, his car's odometer had rolled over the 50k mark and Tesla informed him that they would no longer perform warranty service on his lemon. Right after this happened, the new mileage clocked by his odometer returned to normal. This isn't the only Tesla owner who's noticed this behavior: Tesla subreddits are full of similar complaints:
Drivers noticed that they were getting far fewer miles out of their batteries than Tesla had advertised. Naturally, they contacted the company for service on their faulty cars. Tesla then set up an entire fake service operation in Nevada that these calls would be diverted to, called the "diversion team." Drivers with range complaints were put through to the "diverters" who would claim to run "remote diagnostics" on their cars and then assure them the cars were fine. They even installed a special xylophone in the diversion team office that diverters would ring every time they successfully deceived a driver.
These customers were then put in an invisible Tesla service jail. Their Tesla apps were silently altered so that they could no longer book service for their cars for any reason ā instead, they'd have to leave a message and wait several days for a callback. The diversion center racked up 2,000 calls/week and diverters were under strict instructions to keep calls under five minutes. Eventually, these diverters were told that they should stop actually performing remote diagnostics on the cars of callers ā instead, they'd just pretend to have run the diagnostics and claim no problems were found (so if your car had a potentially dangerous fault, they would falsely claim that it was safe to drive).
Most modern cars have some kind of internet connection, but Tesla goes much further. By design, its cars receive "over-the-air" updates, including updates that are adverse to drivers' interests. For example, if you stop paying the monthly subscription fee that entitles you to use your battery's whole charge, Tesla will send a wireless internet command to your car to restrict your driving to only half of your battery's charge.
This means that your Tesla is designed to follow instructions that you don't want it to follow, and, by design, those instructions can fundamentally alter your car's operating characteristics. For example, if you miss a payment on your Tesla, it can lock its doors and immobilize itself, then, when the repo man arrives, it will honk its horn, flash its lights, back out of its parking spot, and unlock itself so that it can be driven away:
Some of the ways that your Tesla can be wirelessly downgraded (like disabling your battery) are disclosed at the time of purchase. Others (like locking you out and summoning a repo man) are secret. But whether disclosed or secret, both kinds of downgrade depend on the genuinely bizarre idea that a computer that you own, that is in your possession, can be relied upon to follow orders from the internet even when you don't want it to. This is weird enough when we're talking about a set-top box that won't let you record a TV show ā but when we're talking about a computer that you put your body into and race down the road at 80mph inside of, it's frankly terrifying.
Obviously, most people would prefer to have the final say over how their computers work. I mean, maybe you trust the manufacturer's instructions and give your computer blanket permission to obey them, but if the manufacturer (or a hacker pretending to be the manufacturer, or a government who is issuing orders to the manufacturer) starts to do things that are harmful to you (or just piss you off), you want to be able to say to your computer, "OK, from now on, you take orders from me, not them."
In a state of nature, this is how computers work. To make a computer ignore its owner in favor of internet randos, the manufacturer has to build in a bunch of software countermeasures to stop you from reconfiguring or installing software of your choosing on it. And sure, that software might be able to withstand the attempts of normies like you and me to bypass it, but given that we'd all rather have the final say over how our computers work, someone is gonna figure out how to get around that software. I mean, show me a 10-foot fence and I'll show you an 11-foot ladder, right?
To stop that from happening, Congress passed the 1998 Digital Millennium Copyright Act. Despite the word "copyright" appearing in the name of the law, it's not really about defending copyright, it's about defending business models. Under Section 1201 of the DMCA, helping someone bypass a software lock is a felony punishable by a five-year prison sentence and a $500,000 fine (for a first offense). That's true whether or not any copyright infringement takes place.
So if you want to modify your Tesla ā say, to prevent the company from cheating your odometer ā you have to get around a software lock, and that's a felony. Indeed, if any manufacturer puts a software lock on its product, then any changes that require disabling or bypassing that lock become illegal. That's why you can't just buy reliable third-party printer ink ā reverse-engineering the "is this an original HP ink cartridge?" program is a literal crime, even though using non-HP ink in your printer is absolutely not a copyright violation. Jay Freeman calls this effect "felony contempt of business model."
Thus we arrive at this juncture, where every time you use a product or device or service, it might behave in a way that is totally unlike the last time you used it. This is true whether you own, lease or merely interact with a product. The changes can be obvious, or they can be subtle to the point of invisibility. And while manufacturers can confine their "updates" to things that make the product better (for example, patching security vulnerabilities), there's nothing to stop them from using this uninspectable, non-countermandable veto over your devices' functionality to do things that harm you ā like fucking with your odometer.
Or, you know, bricking your car. The defunct EV maker Fisker ā who boasted that it made "software-based cars" ā went bankrupt last year and bricked the entire fleet of unsold cars:
I call this ability to modify the underlying functionality of a product or service for every user, every time they use it, "twiddling," and it's a major contributor to enshittification:
https://pluralistic.net/2023/02/19/twiddler/
Enshittification's observable symptoms follow a predictable pattern: first, a company makes things good for its users, while finding ways to lock them in. Then, once it knows the users can't easily leave, the company makes things worse for end-users in order to deliver value to business customers. Once these businesses are locked in, the company siphons value away from them, too, until the product or service is a pile of shit, that we still can't leave:
Twiddling is key to enshittification: it's the method by which value is shifted from end-users to business customers, and from business customers to the platform. Twiddling is the "switch" in enshittification's series of minute, continuous bait-and-switches. The fact that DMCA 1201 makes it a crime to investigate systems with digital locks makes the modern computerized device a twiddler's playground. Sure, a driver might claim that their odometer is showing bad readings, but they can't dump their car's software and identify the code that is changing the odometer.
This is what I mean by "demon-haunted computers": a computer is "demon-haunted" if it is designed to detect when it is under scrutiny, and, when it senses a hostile observer, it changes its behavior to the innocuous, publicly claimed factory defaults:
But as soon as the observer goes away, the computer returns to its nefarious ways. This is exactly what happened with Dieselgate, when VW used software that detected the test-suite run by government emissions inspectors, and changed the engine's characteristics when it was under their observation. But once the car was back on the road, it once again began emitting toxic gas at levels that killed killed dozens of people and sickened thousands more:
Cars are among the most demon-haunted products we use on a daily basis. They are designed from the chassis up to do things that are harmful to their owners, from stealing our location data so it can be sold to data-brokers, to immobilizing themselves if you miss a payment, to downgrading themselves if you stop paying for a "subscription," to ratting out your driving habits to your insurer:
These are the "legitimate" ways that cars are computers that ignore their owners' orders in favor of instructions they get from the internet. But once a manufacturer arrogates that power to itself, it is confronted with a tempting smorgasbord of enshittificatory gambits to defraud you, control you, and gaslight you. Now, perhaps you could wield this power wisely, because you are in possession of the normal human ration of moral consideration for others, to say nothing of a sense of shame and a sense of honor.
But while corporations are (legally) people, they are decidedly not human. They are artificial lifeforms, "intellects vast and cool and unsympathetic" (as HG Wells said of the marauding aliens in War of the Worlds):
These alien invaders are busily xenoforming the planet, rendering it unfit for human habitation. Laws that ban reverse-engineering are a devastating weapon that corporations get to use in their bid to subjugate and devour the human race.
The US isn't the only country with a law like Section 1201 of the DMCA. Over the past 25 years, the US Trade Representative has arm-twisted nearly every country in the world into passing laws that are nearly identical to America's own disastrous DMCA. Why did countries agree to pass these laws? Well, because they had to, or the US would impose tariffs on them:
The Trump tariffs change everything, including this thing. There is no reason for America's (former) trading partners to continue to enforce the laws it passed to protect Big Tech's right to twiddle their citizens. That goes double for Tesla: rather than merely complaining about Musk's Nazi salutes, countries targeted by the regime he serves could retaliate against him, in a devastating fashion. By abolishing their anticircuvmention laws, countries around the world would legalize jailbreaking Teslas, allowing mechanics to unlock all the subscription features and software upgrades for every Tesla driver, as well as offering their own software mods. Not only would this tank Tesla stock and force Musk to pay back the loans he collateralized with his shares (loans he used to buy Twitter and the US predidency), it would also abolish sleazy gimmicks like hacking drivers' odometers to get out of paying for warranty service:
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
ā Live Streamingā Interactive Chatā Private Showsā HD Qualityā Free Actions
Free to watch ⢠No registration required ⢠HD streaming
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
What if there was a way for a business to transform any conduct it disliked into a felony, harnessing the power of the state to threaten anyone who acted in a way that displeased the company with a long prison sentence and six-figure fines?
Surprise! That actually exists! It's called Section 1201 of the Digital Millennium Copyright Act, the "anticircumvention" clause, which establishes five-year sentences and $500k fines for anyone who bypasses an "effective access control" for a copyrighted work.
Let's unpack that: every digital product has a "copyrighted work" at its core, because software is copyrighted. Digital systems are intrinsically very flexible: just overwrite, augment, or delete part of the software that powers the device or product, and you change how the product works. You can alter your browser to block ads; or alter your Android phone to run a privacy-respecting OS like Graphene; or alter your printer to accept generic ink, rather than checking each cartridge to confirm that it's the original manufacturer's product.
However, if the device is designed to prevent this ā if it has an "access control" that restricts your ability to change the software ā then DMCA 1201 makes those modifications into crimes. The act of providing someone with a tool to change how their own property works ("trafficking in circumvention devices") is a felony.
But there's a tiny saving grace here: for DMCA 1201 to kick in, the "access control" must be "effective." What's "effective?" There's the rub: no one knows.
The penalties for getting crosswise with DMCA 1201 are so grotendous that very few people have tried to litigate any of its contours. Whenever the issue comes up, defendants settle, or fold, or disappear. Despite the fact that DMCA 1201 has been with us for more than a quarter of a century, and despite the fact that the activities it restricts are so far-reaching, there's precious little case law clarifying Congress's vague statutory language.
When it comes to "effectiveness" in access controls, the jurisprudence is especially thin. As far as I know, there's just one case that addressed the issue, and boy was it a weird one. Back in 2000, a "colorful" guy named Johnny Deep founded a Napster-alike service that piggybacked on the AOL Instant Messenger network. He called his service "Aimster." When AOL threatened him with a trademark suit, he claimed that Aimster was his daughter Amiee's AOL handle, and that the service was named for her. Then he changed the service's name to Madster, claiming that it was also named after his daughter. At the time, a lot of people assumed he was BSing, but I just found his obituary and it turns out his daughter's name was, indeed, "Amiee (Madeline) Deep":
Aimster was one of the many services that the record industry tried to shut down, both by filing suit against the company and by flooding it with takedown notices demanding that individual tracks be removed. Deep responded by "encoding" all of the track names on his network in pig-Latin. Then he claimed that by "decoding" the files (by moving the last letter of the track name to the first position), the record industry was "bypassing an effective access control for a copyrighted work" and thus violating DMCA 1201:
The court didn't buy this. The judge ruled that pig Latin isn't an "effective access control." Since then, we've known that at least some access controls aren't "effective" but we haven't had any clarity on where "effectiveness" starts. After all, there's a certain circularity to the whole idea of "effective" access controls: if a rival engineer can figure out how to get around an access control, can we really call it "effective?" Surely, the fact that someone figured out how to circumvent your access control is proof that it's not effective (at least when it comes to that person).
All this may strike you as weird inside baseball, and that's not entirely wrong, but there's one unresolved "effectiveness" question that has some very high stakes indeed: is Youtube's javascript-based obfuscation an "effective access control?"
Youtube, of course, is the internet's monopoly video platform, with a commanding majority of video streams. It was acquired by Google in 2006 for $1.65b. At the time, the service was hemorrhaging money and mired in brutal litigation, but it had one virtue that made it worth nine figures: people liked it. Specifically, people liked it in a way they didn't like Google Video, which was one of the many, many, many failed internally developed Google products that tanked, and was replaced by a product developed by a company that Google bought, because Google sucks at developing products. They're not Willy Wonka's idea factory ā they're Rich Uncle Pennybags, buying up other kids' toys:
Google operationalized Youtube and built it up to the world's most structurally important video platform. Along the way, Google added some javascript that was intended to block people from "downloading" its videos. I put "downloading" in scare-quotes because "streaming" is a consensus hallucination: there is no way for your computer to display a video that resides on a distant server without downloading it ā the internet is not made up of a cunning series of paper-towel rolls and mirrors that convey photons to your screen without sending you the bits that make up the file. "Streaming" is just "downloading" with the "save file" button removed.
In this case, the "save file" button is removed by some javascript on every Youtube page. This isn't hard to bypass: there are dozens of "stream-ripping" sites that let you save any video that's accessible on Youtube. I use these all the time ā indeed, I used one last week to gank the video of my speech in Ottawa so I could upload it to my own Youtube channel:
Now, all of this violates Youtube's terms of service, which means that someone who downloads a stream for an otherwise lawful purpose (like I did) is still hypothetically at risk of being punished by Google. We're relying on Google to be reasonable about all this, which, admittedly, isn't the best bet, historically. But at least the field of people who can attack us is limited to this one company.
That's good, because there's zillions of people who rely on stream-rippers, and many of them are Youtube's most popular creators. Youtube singlehandedly revived the form of the "video essay," popularizing it in many guises, from "reaction videos" to full-fledged, in-depth documentaries that make extensive use of clips to illuminate, dispute, and expand on the messages of other Youtube videos.
These kinds of videos are allowed under US copyright law. American copyright law has a broad set of limitation and exceptions, which include "fair use," an expansive set of affirmative rights to access and use copyrighted works, even against the wishes of the copyright's proprietor. As the Supreme Court stated in Eldred, the only way copyright (a government-backed restriction on who can say certain words) can be reconciled with the First Amendment (a ban on government restrictions on speech) is through fair use, the "escape valve" for free expression embedded in copyright:
https://en.wikipedia.org/wiki/Eldred_v._Ashcroft
Which is to say that including clips from a video you're criticizing in your own video is canonical fair use. What else is fair use? Well, it's "fact intensive," which is a lawyer's way of saying, "it depends." One thing that is 100% true, though, is that fair use is not limited to the "four factors" enumerated in the statute and anyone who claims otherwise has no idea what they're talking about and can be safely ignored:
Now, fair use or not, there are plenty of people who get angry about their videos being clipped for critical treatment in other videos, because lots of people hate being criticized. This is precisely why fair use exists: if you had to secure someone's permission before you were allowed to criticize them, critical speech would be limited to takedowns of stoics and masochists.
This means that the subjects of video essays can't rely on copyright to silence their critics. They also can't use the fact that those critics violated Youtube's terms of service by clipping their videos, because only Youtube has standing to ask a court to uphold its terms of service, and Youtube has (wisely) steered clear of embroiling itself in fights between critics and the people they criticize.
But that hasn't stopped the subjects of criticism from seeking legal avenues to silence their critics. In a case called Cordova v. Huneault, the proprietor of "Denver Metro Audits" is suing the proprietor of "Frauditor Troll Channel" for clipping the former's videos for "reaction videos."
One of the plaintiff's claims here is that the defendant violated Section 1201 of the DMCA by saving videos from Youtube. They argue that Youtube's javascript obfuscator (a "rolling cipher") is an "effective access control" under the statute. Magistrate Judge Virginia K DeMarchi (Northern District of California) agreed with the plaintiff:
Remember, DMCA 1201 applies whether or not you infringe someone's copyright. It is a blanket prohibition on the circumvention of any "effective access control" for any copyrighted work, even when no one's rights are being violated. It's a way to transform otherwise lawful conduct into a felony. It's what Jay Freeman calls "Felony contempt of business model."
If the higher court upholds this magistrate judge's ruling, then all clipping becomes a crime, and the subjects of criticism will have a ready tool to silence any critic. This obliterates fair use, wipes it off the statute-book. It welds shut copyright's escape valve for free expression.
Now, it's true that the US Copyright Office holds hearings every three years where it grants exemptions to DMCA 1201, and it has indeed granted an exemption for ripping video for critical and educational purposes. But this process is deceptive! The exemptions that the Copyright Office grants are "use exemptions" ā they allow you to "make the use." However, they are not "tools exemptions" ā they do not give you permission to acquire or share the tool needed to make the use:
Which means that you are allowed to rip a stream, but you're not allowed to use a stream-ripping service. If Youtube's rolling cipher is an "effective access control" then all of those stream-ripping services are wildly illegal, felonies carrying a five-year sentence and a $500k fine for a first offense under DMCA 1201.
Under the US Copyright Office's exemption process, if you want to make a reaction video, then you, personally must create your own stream-ripper. You are not allowed to discuss how to do this with anyone else, and you can't share your stream-ripper with anyone else, and if you do, you've committed a felony.
So this is a catastrophic ruling. If it stands, it will make the production of video essays, reaction videos, and other critical videos into a legal minefield, by giving everyone whose video is clipped and criticized a means to threaten their critics with long prison sentences, fair use be damned. The only people who will safely be able to make this kind of critical video are skilled programmers who can personally defeat Youtube's "rolling cipher." And unlike claims about stream-ripping violating Youtube's terms of service ā which can only be brought by Youtube ā DMCA 1201 claims can be brought by anyone whose videos get clipped and criticized.
Is Youtube's rolling cipher an "effective access control?" Well, I don't know how to bypass it, but there are dozens of services that have independently figured out how to get around it. That seems like good evidence that the access control is not "effective."
When the DMCA was enacted in 1998, this is exactly the kind of thing experts warned would happen:
And here we are, more than a quarter-century later, living in the prison of lawmakers' reckless disregard for evidence and expertise, a world where criticism can be converted into a felony. It's long past time we get rid of this stupid, stupid law:
I'm coming to COLORADO! Catch me in DENVER on Jan 22 at The Tattered Cover<, and in COLORADO SPRINGS from Jan 23ā25 where I'm the Guest of Honor at COSine. Then I'll be in OTTAWA on Jan 28 at Perfect Books and in TORONTO with Tim Wu on Jan 30.
Samantha: This town has a weird smell that you're all probably used toā¦but I'm not.
Mrs Krabappel: It'll take you about six weeks, dear.
-The Simpsons, "Bart's Friend Falls in Love," S3E23, May 7, 1992
We are living through weird times, and they've persisted for so long that you probably don't even notice it. But these times are not normal.
Now, I realize that this covers a lot of ground, and without detracting from all the other ways in which the world is weird and bad, I want to focus on one specific and pervasive and awful way in which this world is not normal, in part because this abnormality has a defined cause, a precise start date, and an obvious, actionable remedy.
6 years, 5 months and 22 days after Fox aired "Bart's Friend Falls in Love," Bill Clinton signed a new bill into law: the Digital Millennium Copyright Act of 1998 (DMCA).
Under Section 1201 of the DMCA, it's a felony to modify your own property in ways that the manufacturer disapproves of, even if your modifications accomplish some totally innocuous, legal, and socially beneficial goal. Not a little felony, either: DMCA 1201 provides for a five year sentence and a $500,000 fine for a first offense.
Back when the DMCA was being debated, its proponents insisted that their critics were overreacting. They pointed to the legal barriers to invoking DMCA 1201, and insisted that these new restrictions would only apply to a few marginal products in narrow ways that the average person would never even notice.
But that was obvious nonsense, obvious even in 1998, and far more obvious today, more than a quarter-century on. In order for a manufacturer to criminalize modifications to your own property, they have to satisfy two criteria: first, they must sell you a device with a computer in it; and second, they must design that computer with an "access control" that you have to work around in order to make a modification.
For example, say your toaster requires that you scan your bread before it will toast it, to make sure that you're only using a special, expensive kind of bread that kicks back a royalty to the manufacturer. If the embedded computer that does the scanning ships from the factory with a program that is supposed to prevent you from turning off the scanning step, then it is a felony to modify your toaster to work with "unauthorized bread":
If this sounds outlandish, then a) You definitely didn't walk the floor at CES last week, where there were a zillion "cooking robots" that required proprietary feedstock; and b) You haven't really thought hard about your iPhone (which will not allow you to install software of your choosing):
But back in 1998, computers ā even the kind of low-powered computers that you'd embed in an appliance ā were expensive and relatively rare. No longer! Today, manufacturers source powerful "System on a Chip" (SoC) processors at prices ranging from $0.25 to $8. These are full-fledged computers, easily capable of running an "access control" that satisfies DMCA 1201.
Likewise, in 1998, "access controls" (also called "DRM," "technical protection measures," etc) were a rarity in the field. That was because computer scientists broadly viewed these measures as useless. A determined adversary could always find a way around an access control, and they could package up that break as a software tool and costlessly, instantaneously distribute it over the internet to everyone in the world who wanted to do something that an access control impeded. Access controls were a stupid waste of engineering resources and a source of needless complexity and brittleness:
But ā as critics pointed out in 1998 ā chips were obviously going to get much cheaper, and if the US Congress made it a felony to bypass an access control, then every kind of manufacturer would be tempted to add some cheap SoCs to their products so they could add access controls and thereby felonize any uses of their products that cut into their profits. Basically, the DMCA offered manufacturers a bargain: add a dollar or two to the bill of materials for your product, and in return, the US government will imprison any competitors who offer your customers a "complementary good" that improves on it.
It's even worse than this: another thing that was obvious in 1998 was that once a manufacturer added a chip to a device, they would probably also figure out a way to connect it to the internet. Once that device is connected to the internet, the manufacturer can push software updates to it at will, which will be installed without user intervention. What's more, by using an access control in connection with that over-the-air update mechanism, the manufacturer can make it a felony to block its updates.
Which means that a manufacturer can sell you a device and then mandatorily update it at a later date to take away its functionality, and then sell that functionality back to you as a "subscription":
Here's what this all means: any manufacturer who devotes a small amount of engineering work and incurs a small hardware expense can extinguish private property rights altogether.
What do I mean by private property? Well, we can look to Blackstone's 1753 treatise:
The right of property; or that sole and despotic dominion which one man claims and exercises over the external things of the world, in total exclusion of the right of any other individual in the universe.
You can't own your iPhone. If you take your iPhone to Apple and they tell you that it is beyond repair, you have to throw it away. If the repair your phone needs involves "parts pairing" (where a new part won't be recognized until an Apple technician "initializes" it through a DMCA-protected access control), then it's a felony to get that phone fixed somewhere else. If Apple tells you your phone is no longer supported because they've updated their OS, then it's a felony to wipe the phone and put a different OS on it (because installing a new OS involves bypassing an "access control" in the phone's bootloader). If Apple tells you that you can't have a piece of software ā like ICE Block, an app that warns you if there are nearby ICE killers who might shoot you in the head through your windshield, which Apple has barred from its App Store on the grounds that ICE is a "protected class" ā then you can't install it, because installing software that isn't delivered via the App Store involves bypassing an "access control" that checks software to ensure that it's authorized (just like the toaster with its unauthorized bread).
It's not just iPhones: versions of this play out in your medical implants (hearing aid, insulin pump, etc); appliances (stoves, fridges, washing machines); cars and ebikes; set-top boxes and game consoles; ebooks and streaming videos; small appliances (toothbrushes, TVs, speakers), and more.
Increasingly, things that you actually own are the exception, not the rule.
And this is not normal. The end of ownership represents an overturn of a foundation of modern civilization. The fact that the only "people" who can truly own something are the transhuman, immortal colony organisms we call "Limited Liability Corporations" is an absolutely surreal reversal of the normal order of things.
It's a reversal with deep implications: for one thing, it means that you can't protect yourself from raids on your private data or ready cash by adding privacy blockers to your device, which would make it impossible for airlines or ecommerce sites to guess about how rich/desperate you are before quoting you a "personalized price":
It also means you can't stop your device from leaking information about your movements, or even your conversations ā Microsoft has announced that it will gather all of your private communications and ship them to its servers for use by "agentic AI":
https://www.youtube.com/watch?v=0ANECpNdt-4
Microsoft has also confirmed that it provides US authorities with warrantless, secret access to your data:
This is deeply abnormal. Sure, greedy corporate control freaks weren't invented in the 21st century, but the laws that let those sociopaths put you in prison for failing to arrange your affairs to their benefit ā and your own detriment ā are.
But because computers got faster and cheaper over decades, the end of ownership has had an incremental rollout, and we've barely noticed that it's happened. Sure, we get irritated when our garage-door opener suddenly requires us to look at seven ads every time we use the app that makes it open or close:
But societally, we haven't connected that incident to this wider phenomenon. It stinks here, but we're all used to it.
It's not normal to buy a book and then not be able to lend it, sell it, or give it away. Lending, selling and giving away books is older than copyright. It's older than publishing. It's older than printing. It's older than paper. It is fucking weird (and also terrible) (obviously) that there's a new kind of very popular book that you can go to prison for lending, selling or giving away.
We're just a few cycles away from a pair of shoes that can figure out which shoelaces you're using, or a dishwasher that can block you from using third-party dishes:
It's not normal, and it has profound implications for our security, our privacy, and our society. It makes us easy pickings for corporate vampires who drain our wallets through the gadgets and tools we rely on. It makes us easy pickings for fascists and authoritarians who ally themselves with corporate vampires by promising them tax breaks in exchange for collusion in the destruction of a free society.
I know that these problems are more important than whether or not we think this is normal. But still. It. Is. Just. Not. Normal.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I'll be in TUCSON, AZ from November 8-10: I'm the GUEST OF HONOR at the TUSCON SCIENCE FICTION CONVENTION.
I have spent a quarter century obsessed with the weirdest corner of the weirdest section of the worst internet law on the US statute books: Section 1201 of the Digital Millennium Copyright Act, the 1998 law that makes it a felony to help someone change how their own computer works so it serves them, rather than a distant corporation.
Under DMCA 1201, giving someone a tool to "bypass an access control for a copyrighted work" is a felony punishable by a 5-year prison sentence and a $500k fine ā for a first offense. This law can refer to access controls for traditional copyrighted works, like movies. Under DMCA 1201, if you help someone with photosensitive epilepsy add a plug-in to the Netflix player in their browser that blocks strobing pictures that can trigger seizures, you're a felon:
But software is a copyrighted work, and everything from printer cartridges to car-engine parts have software in them. If the manufacturer puts an "access control" on that software, they can send their customers (and competitors) to prison for passing around tools to help them fix their cars or use third-party ink.
Now, even though the DMCA is a copyright law (that's what the "C" in DMCA stands for, after all); and even though blocking video strobes, using third party ink, and fixing your car are not copyright violations, the DMCA can still send you to prison, for a long-ass time for doing these things, provided the manufacturer designs their product so that using it the way that suits you best involves getting around an "access control."
As you might expect, this is quite a tempting proposition for any manufacturer hoping to enshittify their products, because they know you can't legally disenshittify them. These access controls have metastasized into every kind of device imaginable.
DMCA 1201 is the brainchild of Bruce Lehmann, Bill Clinton's Copyright Czar, who was repeatedly warned that cancerous proliferation this was the foreseeable, inevitable outcome of his pet policy. As a sop to his critics, Lehman added a largely ornamental safety valve to his law, ordering the US Copyright Office to invite submissions every three years petitioning for "use exemptions" to the blanket ban on circumventing access-controls.
I call this "ornamental" because if the Copyright Office thinks that, say, it should be legal for you to bypass an access control to use third-party ink in your printer, or a third-party app store in your phone, all they can do under DMCA 1201 is grant you the right to use a circumvention tool. But they can't give you the right to acquire that tool.
I know that sounds confusing, but that's only because it's very, very stupid. How stupid? Well, in 2001, the US Trade Representative arm-twisted the EU into adopting its own version of this law (Article 6 of the EUCD), and in 2003, Norway added the law to its lawbooks. On the eve of that addition, I traveled to Oslo to debate the minister involved:
The minister praised his law, explaining that it gave blind people the right to bypass access controls on ebooks so that they could feed them to screen readers, Braille printers, and other assistive tools. OK, I said, but how do they get the software that jailbreaks their ebooks so they can make use of this exemption? Am I allowed to give them that tool?
No, the minister said, you're not allowed to do that, that would be a crime.
Is the Norwegian government allowed to give them that tool? No. How about a blind rights advocacy group? No, not them either. A university computer science department? Nope. A commercial vendor? Certainly not.
No, the minister explained, under his law, a blind person would be expected to personally reverse engineer a program like Adobe E-Reader, in hopes of discovering a defect that they could exploit by writing a program to extract the ebook text.
Oh, I said. But if a blind person did manage to do this, could they supply that tool to other blind people?
Well, no, the minister said. Each and every blind person must personally ā without any help from anyone else ā figure out how to reverse-engineer the ebook program, and then individually author their own alternative reader program that worked with the text of their ebooks.
That is what is meant by a use exemption without a tools exemption. It's useless. A sick joke, even.
The US Copyright Office has been valiantly holding exemptions proceedings every three years since the start of this century, and they've granted many sensible exemptions, including ones to benefit people with disabilities, or to let you jailbreak your phone, or let media professors extract video clips from DVDs, and so on. Tens of thousands of person-hours have been flushed into this pointless exercise, generating a long list of things you are now technically allowed to do, but only if you are a reverse-engineering specialist type of computer programmer who can manage the process from beginning to end in total isolation and secrecy.
But there is one kind of use exception the Copyright Office can grant that is potentially game-changing: an exemption for decoding diagnostic codes.
You see, DMCA 1201 has been a critical weapon for the corporate anti-repair movement. By scrambling error codes in cars, tractors, appliances, insulin pumps, phones and other devices, manufacturers can wage war on independent repair, depriving third-party technicians of the diagnostic information they need to figure out how to fix your stuff and keep it going.
This is bad enough in normal times, but during the acute phase of the covid pandemic, hospitals found themselves unable to maintain their ventilators because of access controls. Nearly all ventilators come from a single med-tech monopolist, Medtronic, which charges hospitals hundreds of dollars to dispatch their own repair technicians to fix its products. But when covid ended nearly all travel, Medtronic could no longer provide on-site calls. Thankfully, an anonymous hacker started building homemade (illegal) circumvention devices to let hospital technicians fix the ventilators themselves, improvising housings for them from old clock radios, guitar pedals and whatever else was to hand, then mailing them anonymously to hospitals:
Once a manufacturer monopolizes repair in this way, they can force you to use their official service depots, charging you as much as they'd like; requiring you to use their official, expensive replacement parts; and dictating when your gadget is "too broken to fix," forcing you to buy a new one. That's bad enough when we're talking about refusing to fix a phone so you buy a new one ā but imagine having a spinal injury and relying on a $100,000 exoskeleton to get from place to place and prevent muscle wasting, clots, and other immobility-related conditions, only to have the manufacturer decide that the gadget is too old to fix and refusing to give you the technical assistance to replace a watch battery so that you can get around again:
When the US Copyright Office grants a use exemption for extracting diagnostic codes from a busted device, they empower repair advocates to put that gadget up on a workbench and torture it into giving up those codes. The codes can then be integrated into an unofficial diagnostic tool, one that can make sense of the scrambled, obfuscated error codes that a device sends when it breaks ā without having to unscramble them. In other words, only the company that makes the diagnostic tool has to bypass an access control, but the people who use that tool later do not violate DMCA 1201.
This is all relevant this month because the US Copyright Office just released the latest batch of 1201 exemptions, and among them is the right to circumvent access controls "allowing for repair of retail-level food preparation equipment":
While this covers all kinds of food prep gear, the exemption request ā filed by Public Knowledge and Ifixit ā was inspired by the bizarre war over the tragically fragile McFlurry machine. These machines ā which extrude soft-serve frozen desserts ā are notoriously failure-prone, with 5-16% of them broken at any given time. Taylor, the giant kitchen tech company that makes the machines, charges franchisees a fortune to repair them, producing a steady stream of profits for the company.
This sleazy business prompted some ice-cream hackers to found a startup called Kytch, a high-powered automation and diagnostic tool that was hugely popular with McDonald's franchisees (the gadget was partially designed by the legendary hardware hacker Andrew "bunnie" Huang!).
In response, Taylor played dirty, making a less-capable clone of the Kytch, trying to buy Kytch out, and teaming up with McDonald's corporate to bombard franchisees with legal scare-stories about the dangers of using a Kytch to keep their soft-serve flowing, thanks to DMCA 1201:
Kytch isn't the only beneficiary of the new exemption: all kinds of industrial kitchen equipment is covered. In upholding the Right to Repair, the Copyright Office overruled objections of some of its closest historical allies, the Entertainment Software Association, Motion Picture Association, and Recording Industry Association of America, who all sided with Taylor and McDonald's and opposed the exemption:
This is literally the only useful kind of DMCA 1201 exemption the Copyright Office can grant, and the fact that they granted it (along with a similar exemption for medical devices) is a welcome bright spot. But make no mistake, the fact that we finally found a narrow way in which DMCA 1201 can be made slightly less stupid does not redeem this outrageous law. It should still be repealed and condemned to the scrapheap of history.
Tor Books as just published two new, free LITTLE BROTHER stories: VIGILANT, about creepy surveillance in distance education; and SPILL, about oil pipelines and indigenous landback.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Elon Musk lies a lot. He lies about being a āutopian socialist.ā He lies about being a āfree speech absolutist.ā He lies about which companies he founded:
https://www.businessinsider.com/tesla-cofounder-martin-eberhard-interview-history-elon-musk-ev-market-2023-2
He lies about being the āchief engineerā of those companies:
He lies about really stupid stuff, like claiming that comsats that share the same spectrum will deliver steady broadband speeds as they add more users who each get a narrower slice of that spectrum:
The fundamental laws of physics donāt care about this bullshit, but people do. The comsat lie convinced a bunch of people that pulling fiber to all our homes is literally impossibleāāāas though the electrical and phone lines that come to our homes now were installed by an ancient, lost civilization. Pulling new cabling isnāt a mysterious art, like embalming pharaohs. We do it all the time. One of the poorest places in America installed universal fiber with a mule named āOle Bubā:
Previous tech barons had āreality distortion fields,ā but Musk just blithely contradicts himself and pretends he isnāt doing so, like a budget Steve Jobs. Thereās an entire site devoted to cataloging Muskās public lies:
https://elonmusk.today/
But while Musk lacks the charm of earlier Silicon Valley grifters, heās much better than they ever were at running a long con. For years, heās been promising āfull self drivingā¦next year.ā
Tesla is a giant shell-game masquerading as a car company. The important thing about Tesla isnāt its cars, itās Teslaās business arrangement, the Tesla-Financial Complex:
Once you start unpacking Teslaās balance sheets, you start to realize how much the company depends on government subsidies and tax-breaks, combined with selling carbon credits that make huge, planet-destroying SUVs possible, under the pretense that this is somehow good for the environment:
That valuation represents a bet on Teslaās ability to extract ever-higher rents from its customers. Take Teslaās batteries: you pay for the battery when you buy your car, but you donāt own that battery. You have to rent the right to use its full capacity, with Tesla reserving the right to reduce how far you go on a charge based on your willingness to pay:
Thatās just one of the many rent-a-features that Tesla drivers have to shell out for. You donāt own your car at all: when you sell it as a used vehicle, Tesla strips out these features you paid for and makes the next driver pay again, reducing the value of your used car and transfering it to Teslaās shareholders:
To maintain this rent-extraction racket, Tesla uses DRM that makes it a felony to alter your own carās software without Teslaās permission. This is the root of all autoenshittification:
This is technofeudalism. Whereas capitalists seek profits (income from selling things), feudalists seek rents (income from owning the things other people use). If Telsa were a capitalist enterprise, then entrepreneurs could enter the market and sell mods that let you unlock the functionality in your own car:
But because Tesla is a feudal enterprise, capitalists must first secure permission from the fief, Elon Musk, who decides which companies are allowed to compete with him, and how.
Once a company owns the right to decide which software you can run, thereās no limit to the ways it can extract rent from you. Blocking you from changing your deviceās software lets a company run overt scams on you. For example, they can block you from getting your car independently repaired with third-party parts.
But they can also screw you in sneaky ways. Once a device has DRM on it, Section 1201 of the DMCA makes it a felony to bypass that DRM, even for legitimate purposes. That means that your DRM-locked device can spy on you, and because no one is allowed to explore how that surveillance works, the manufacturer can be incredibly sloppy with all the personal info they gather:
All kinds of hidden anti-features can lurk in your DRM-locked car, protected from discovery, analysis and criticism by the illegality of bypassing the DRM. For example, Teslas have a hidden feature that lets them lock out their owners and summon a repo man to drive them away if you have a dispute about a late payment:
DRM is a gun on the mantlepiece in Act I, and by Act III, it goes off, revealing some kind of ugly and often dangerous scam. Remember Dieselgate? Volkswagen created a line of demon-haunted cars: if they thought they were being scrutinized (by regulators measuring their emissions), they switched into a mode that traded performance for low emissions. But when they believed themselves to be unobserved, they reversed this, emitting deadly levels of NOX but delivering superior mileage.
The conversion of the VW diesel fleet into mobile gas-chambers wouldnāt have been possible without DRM. DRM adds a layer of serious criminal jeopardy to anyone attempting to reverse-engineer and study any device, from a phone to a car. DRM let Apple claim to be a champion of its usersā privacy even as it spied on them from asshole to appetite:
Now, Tesla is having its own Dieselgate scandal. A stunning investigation by Steve Stecklow and Norihiko Shirouzu for Reuters reveals how Tesla was able to create its own demon-haunted car, which systematically deceived drivers about its driving range, and the increasingly desperate measures the company turned to as customers discovered the ruse:
The root of the deception is very simple: Tesla mis-sells its cars by falsely claiming ranges that those cars canāt attain. Every person who ever bought a Tesla was defrauded.
But this fraud would be easy to detect. If you bought a Tesla rated for 353 miles on a charge, but the dashboard range predictor told you that your fully charged car could only go 150 miles, youād immediately figure something was up. So your Telsa tells another lie: the range predictor tells you that you can go 353 miles.
But again, if the car continued to tell you it has 203 miles of range when it was about to run out of charge, youād figure something was up pretty quickāāālike, the first time your car ran out of battery while the dashboard cheerily informed you that you had 203 miles of range left.
So Teslas tell a third lie: when the battery charge reached about 50%, the fake range is replaced with the real one. That way, drivers arenāt getting mass-stranded by the roadside, and the scam can continue.
But thereās a new problem: drivers whose cars are rated for 353 miles but canāt go anything like that far on a full charge naturally assume that something is wrong with their cars, so they start calling Tesla service and asking to have the car checked over.
This creates a problem for Tesla: those service calls can cost the company $1,000, and of course, thereās nothing wrong with the car. Itās performing exactly as designed. So Tesla created its boldest fraud yet: a boiler-room full of anti-salespeople charged with convincing people that their cars werenāt broken.
This new unitāāāthe ādiversion teamāāāāwas headquartered in a Nevada satellite office, which was equipped with a metal xylophone that would be rung in triumph every time a Tesla owner was successfully conned into thinking that their car wasnāt defrauding them.
When a Tesla owner called this boiler room, the diverter would run remote diagnostics on their car, then pronounce it fine, and chide the driver for having energy-hungry driving habits (shades of Steve Jobsās āYouāre holding it wrongā):
The drivers who called the Diversion Team werenāt just lied to, they were also punished. The Tesla app was silently altered so that anyone who filed a complaint about their carās range was no longer able to book a service appointment for any reason. If their car malfunctioned, theyād have to request a callback, which could take several days.
Meanwhile, the diverters on the diversion team were instructed not to inform drivers if the remote diagnostics they performed detected any other defects in the cars.
The diversion team had a 750 complaint/week quota: to juke this stat, diverters would close the case for any driver who failed to answer the phone when they were eventually called back. The center received 2,000+ calls every week. Diverters were ordered to keep calls to five minutes or less.
Eventually, diverters were ordered to cease performing any remote diagnostics on driversā cars: a source told Reuters that āThousands of customers were told there is nothing wrong with their carā without any diagnostics being performed.
Predicting EV range is an inexact science as many factors can affect battery life, notably whether a journey is uphill or downhill. Every EV automaker has to come up with a figure that represents some kind of best guess under a mix of conditions. But while other manufacturers err on the side of caution, Tesla has the most inaccurate mileage estimates in the industry, double the industry average.
Other countriesā regulators have taken note. In Korea, Tesla was fined millions and Elon Musk was personally required to state that he had deceived Tesla buyers. The Korean regulator found that the true range of Teslas under normal winter conditions was less than half of the claimed range.
Now, many companies have been run by malignant narcissists who lied compulsivelyāāāthink of Thomas Edison, archnemesis of Nikola Tesla himself. The difference here isnāt merely that Musk is a deeply unfit monster of a human beingāāābut rather, that DRM allows him to defraud his customers behind a state-enforced opaque veil. The digital computers at the heart of a Tesla arenāt just demons haunting the car, changing its performance based on whether it believes it is being observedāāāthey also allow Musk to invoke the power of the US government to felonize anyone who tries to peer into the black box where he commits his frauds.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
This Sunday (July 30) at 1530h, Iām appearing on a panel at Midsummer Scream in Long Beach, CA, to discuss the wonderful, award-winning āGhost Postā Haunted Mansion project I worked on for Disney Imagineering.
Image ID [A scene out of an 11th century tome on demon-summoning called 'Compendium rarissimum totius Artis Magicae sistematisatae per celeberrimos Artis hujus Magistros. Anno 1057. Noli me tangere.' It depicts a demon tormenting two unlucky would-be demon-summoners who have dug up a grave in a graveyard. One summoner is held aloft by his hair, screaming; the other screams from inside the grave he is digging up. The scene has been altered to remove the demon's prominent, urinating penis, to add in a Tesla supercharger, and a red Tesla Model S nosing into the scene.]
Image:
Steve Jurvetson (modified)
https://commons.wikimedia.org/wiki/File:Tesla_Model_S_Indoors.jpg
CC BY 2.0
https://creativecommons.org/licenses/by/2.0/deed.en
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
ā Live Streamingā Interactive Chatā Private Showsā HD Qualityā Free Actions
Free to watch ⢠No registration required ⢠HD streaming
I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me in PITTSBURGH in TOMORROW (May 15) at WHITE WHALE BOOKS, and in PDX on Jun 20 at BARNES AND NOBLE with BUNNIE HUANG. More tour dates (London, Manchester) here.
Something's very different in tech. Once upon a time, every bad choice by tech companies ā taking away features, locking out mods or plugins, nerfing the API ā was countered, nearly instantaneously, by someone writing a program that overrode that choice.
Bad clients would be muscled aside by third-party clients. Locked bootloaders would be hacked and replaced. Code that confirmed you were using OEM parts, consumables or adapters would be found and nuked from orbit. Weak APIs would be replaced with muscular, unofficial APIs built out of unstoppable scrapers running on headless machines in some data-center. Every time some tech company erected a 10-foot enshittifying fence, someone would show up with an 11-foot disenshittifying ladder.
Those 11-foot ladders represented the power of interoperability, the inescapable bounty of the Turing-complete, universal von Neumann machine, which, by definition, is capable of running every valid program. Specifically, they represented the power of adversarial interoperability ā when someone modifies a technology against its manufacturer's wishes. Adversarial interoperability is the origin story of today's tech giants, from Microsoft to Apple to Google:
But adversarial interop has been in steady decline for the past quarter-century. These big companies moved fast and broke things, but no one is returning the favor. If you ask the companies what changed, they'll just smirk and say that they're better at security than the incumbents they disrupted. The reason no one's hacked up a third-party iOS App Store is that Apple's security team is just so fucking 1337 that no one can break their shit.
I think this is nonsense. I think that what's really going on is that we've made it possible for companies to design their technologies in such a way that any attempt at adversarial interop is illegal.
"Anticircumvention" laws like Section 1201 of the 1998 Digital Millennium Copyright Act make bypassing any kind of digital lock (AKA "Digital Rights Management" or "DRM") very illegal. Under DMCA, just talking about how to remove a digital lock can land you in prison for 5 years. I tell the story of this law's passage in "Understood: Who Broke the Internet," my new podcast series for the CBC:
For a quarter century, tech companies have aggressively lobbied and litigated to expand the scope of anticircumvention laws. At the same time, companies have come up with a million ways to wrap their products in digital locks that are a crime to break.
Digital locks let Chamberlain, a garage-door opener monopolist block all third-party garage-door apps. Then, Chamberlain stuck ads in its app, so you have to watch an ad to open your garage-door:
These companies built 11-foot ladders to get over their competitors' 10-foot walls, and then they kicked the ladder away. Once they were secure atop their walls, they committed enshittifying sins their fallen adversaries could only dream of.
I've been campaigning to abolish anticircumvention laws for the past quarter-century, and I've noticed a curious pattern. Whenever these companies stand to lose their legal protections, they freak out and spend vast fortunes to keep those protections intact. That's weird, because it strongly implies that their locks don't work. A lock that works works, whether or not it's illegal to break that lock. The reason Signal encryption works is that it's working encryption. The legal status of breaking Signal's encryption has nothing to do with whether it works. If Signal's encryption was full of technical flaws but it was illegal to point those flaws out, you'd be crazy to trust Signal.
Signal does get involved in legal fights, of course, but the fights it gets into are ones that require Signal to introduce defects in its encryption ā not fights over whether it is legal to disclose flaws in Signal or exploit them:
But tech companies that rely on digital locks manifestly act like their locks don't work and they know it. When the tech and content giants bullied the W3C into building DRM into 2 billion users' browsers, they categorically rejected any proposal to limit their ability to destroy the lives of people who broke that DRM, even if it was only to add accessibility or privacy to video:
The thing is, if the lock works, you don't need the legal right to destroy the lives of people who find its flaws, because it works.
Do digital locks work? Can they work? I think the answer to both questions is a resounding no. The design theory of a digital lock is that I can provide you with an encrypted file that your computer has the keys to. Your computer will access those keys to decrypt or sign a file, but only under the circumstances that I have specified. Like, you can install an app when it comes from my app store, but not when it comes from a third party. Or you can play back a video in one kind of browser window, but not in another one. For this to work, your computer has to hide a cryptographic key from you, inside a device you own and control. As I pointed out more than a decade ago, this is a fool's errand:
After all, you or I might not have the knowledge and resources to uncover the keys' hiding place, but someone does. Maybe that someone is a person looking to go into business selling your customers the disenshittifying plugin that unfucks the thing you deliberately broke. Maybe it's a hacker-tinkerer, pursuing an intellectual challenge. Maybe it's a bored grad student with a free weekend, an electron-tunneling microscope, and a seminar full of undergrads looking for a project.
The point is that hiding secrets in devices that belong to your adversaries is very bad security practice. No matter how good a bank safe is, the bank keeps it in its vault ā not in the bank-robber's basement workshop.
For a hiding-secrets-in-your-adversaries'-device plan to work, the manufacturer has to make zero mistakes. The adversary ā a competitor, a tinkerer, a grad student ā only has to find one mistake and exploit it. This is a bedrock of security theory: attackers have an inescapable advantage.
So I think that DRM doesn't work. I think DRM is a legal construct, not a technical one. I think DRM is a kind of magic Saran Wrap that manufacturers can wrap around their products, and, in so doing, make it a literal jailable offense to use those products in otherwise legal ways that their shareholders don't like. As Jay Freeman put it, using DRM creates a new law called "Felony Contempt of Business Model." It's a law that has never been passed by any legislature, but is nevertheless enforceable.
In the 25 years I've been fighting anticircumvention laws, I've spoken to many government officials from all over the world about the opportunity that repealing their anticircumvention laws represents. After all, Apple makes $100b/year by gouging app makers for 30 cents on ever dollar. Allow your domestic tech sector to sell the tools to jailbreak iPhones and install third party app stores, and you can convert Apple's $100b/year to a $100m/year business for one of your own companies, and the other $999,900,000,000 will be returned to the world's iPhone owners as a consumer surplus.
But every time I pitched this, I got the same answer: "The US Trade Representative forced us to pass this law, and threatened us with tariffs if we didn't pass it." Happy Liberation Day, people ā every country in the world is now liberated from the only reason to keep this stupid-ass law on their books:
One of the questions I've been getting repeatedly from policy wonks, activists and officials is, "Is it even possible to jailbreak modern devices?" They want to know if companies like Apple, Tesla, Google, Microsoft, and John Deere have created unbreakable digital locks. Obviously, this is an important question, because if these locks are impregnable, then getting rid of the law won't deliver the promised benefits.
It's true that there aren't as many jailbreaks as we used to see. When a big project like Nextcloud ā which is staffed up with extremely accomplished and skilled engineers ā gets screwed over by Google's app store, they issue a press-release, not a patch:
These hacks are incredibly ambitious! How ambitious? How about a class break for every version of iOS as well as an unpatchable hardware attack on 8 years' worth of Apple bootloaders?
Now, maybe it's the case at all the world's best hackers are posting free code under pseudonyms. Maybe all the code wizards working for venture backed tech companies that stand to make millions through clever reverse engineering are just not as mad skilled as teenagers who want an ad-free Insta and that's why they've never replicated the feat.
Or maybe it's because teenagers and anonymous hackers are just about the only people willing to risk a $500,000 fine and 5-year prison sentence. In other words, maybe the thing that protects DRM is law, not code. After all, when Polish security researchers revealed the existence of secret digital locks that the train manufacturer Newag used to rip off train operators for millions of euros, Newag dragged them into court:
Tech companies are the most self-mythologizing industry on the planet, beating out even the pharma sector in boasting about their prowess and good corporate citizenship. They swear that they've made a functional digital lockā¦but they sure act like the only thing those locks do is let them sue people who reveal their workings.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I'm on a 20+ city book tour for my new novel PICKS AND SHOVELS. Catch me in PITTSBURGH on May 15 at WHITE WHALE BOOKS, and in PDX on Jun 20 at BARNES AND NOBLE with BUNNIE HUANG. More tour dates (London, Manchester) here.
"Who Broke the Internet?" is a new podcast from CBC Understood that I host and co-wrote ā it's a four-part series that explains how the enshitternet came about, and, more importantly, what we can do about it. Episode one is out this week:
The thesis of the series ā and indeed, of my life's work ā is that the internet didn't turn to shit because of the "great forces of history," or "network effects," or "returns to scale." Rather, the Great Enshittening is the result of specific policy choices, made in living memory, by named individuals, who were warned at the time that this would happen, and they did it anyway. These wreckers are the largely forgotten authors of our misery, and they mingle with impunity in polite society, never fearing that someone might be sizing them up for a pitchfork.
"Who Broke the Internet?" aims to change that. But the series isn't just about holding these named people accountable for their enshittificatory deeds: it's about understanding the policies that created the enshittocene, so that we can dismantle them and build a new, good internet that is fit for purpose, namely, helping us overcome and survive environmental collapse, oligarchic control, fascism and genocide.
The crux of enshittification theory is this: tech bosses made their products and services so much worse in order to extract more rents from end-users and business customers. The reason they did this is because they could. Over 20+ years, our policymakers created an environment of impunity for enshittifying companies, sitting idly by (or even helping out) as tech companies bought or destroyed their competitors; captured their regulators; neutered tech workers' power; and expanded IP laws to ensure that technology could only ever be used to attack us, but never to defend us.
These four forces ā competition, regulation, labor power and interoperability ā once acted as constraints, because they punished enshittifying gambits. Make your product worse and users, workers and suppliers would defect to a competitor; or a regulator would fine you or even bring criminal charges; or your irreplaceable workers would down tools and refuse to obey your orders; or another technologist would come up with an alternative client, an ad-blocker, a scraper, or compatible spare parts, plugins or mods that would permanently sever your relationship with whomever you were tormenting.
As these constraints fell away, the environment became enshittogenic: rather than punishing enshittification, it rewarded it. Individual enshittifiers within companies triumphed in their factional struggles with corporate rivals, like the Google revenue czar who vanquished the Search czar, deliberately worsening search results so we'd have to repeatedly search to get the answers we seek, creating more opportunities to show us ads:
An enshittogenic environment meant that individuals within companies who embraced plans to worsen things to juice profits were promoted, displacing workers and managers who felt an ethical or professional obligation to make good and useful things. Top tech bosses ā the C-suite ā went from being surrounded by "adult supervision" who checked their worst impulses with dire warnings about competition, government punishments, or worker revolt to being encysted in a casing of enthusiastic enshittifiers who competed to see who could come up with the most outrageously enshittificatory gambits.
"Who Broke the Internet?" covers the collapse of all of these constraints, but its main focus is on IP law ā specifically, anticircumvention law, which bans technologists from reverse-engineering and modifying the technologies we own and use (AKA "interoperability" or "adversarial interoperability").
Interoperability is at the center of the enshittification story because interop is an unavoidable characteristic of anything built out of computers. Computers are, above all else, flexible. Formally speaking, our computers are "Turing-complete universal von Neumann machines," which is to say that every one of our computers is capable of running every valid program.
That flexibility is why we call computers a "general purpose" technology. The same computer that helps your optometrist analyze your retina can also control your car's anti-lock braking system, and it can also play Doom.
Enshittification runs on that flexibility. It's that flexibility that allows a digital products or service to offer different prices, search rankings, recommendations, and costs to every user, every time they interact with it:
https://pluralistic.net/2023/02/19/twiddler/
It's that flexibility that lets tech companies send over-the-air "updates" to your property that takes away functionality you paid for and valued, and then sell it back to you as an "upgrade" or worse, a monthly subscription:
But that flexibility cuts both ways. The fact that every computer can run every valid program means that every enshittificatory app and update, there's a disenshittificatory program you could install that would reverse the damage. For every program that tells your HP printer to reject third-party ink, forcing you to buy HP's own colored water at $10,000/gallon, there's another program that tells your HP printer to enthusiastically accept third-party ink that costs mere pennies:
In other worse, show me a 10-foot enshittifying wall, and I'll show you an 11-foot disenshittifying ladder.
Interoperability has long been technology's most important disenshittifier. Interop harnesses the rapaciousness of tech bros and puts it in service to making things better. Someone who hacks Instagram to take out the ads and recommendations and just show you posts from people you follow need not be motivated by the desire to make your life better ā they can be motivated by the desire to poach Instagram users and build a rival business, and still make life better for you:
And if they succeed and then recapitulate the sins of Instagram's bosses, turning the screws on users with ads, suggestions and slop? That just invites more disenshittifying interoperators to do unto them as they did unto Zuck.
That's the way it used to work: the 10-foot piles of shit deployed by tech bosses conjured up 11-foot ladders. This is what disruption is, when it is at its best. There's nothing wrong with moving fast and breaking things ā provided the things you're breaking belong to billionaire enshittifiers. Those things need to be broken.
Enter IP law. For the past 25+ years, IP law has been relentlessly expanded in ways that ensure that disruption is always for thee, never me. "IP" has come to mean, "Any law that lets a dominant company reach out and exert control over its critics, competitors and customers":
https://locusmag.com/2020/09/cory-doctorow-ip/
The most pernicious IP law is far and away "anticircumvention." Under anticircumvention, it is illegal to "break a digital lock" that controls access to a copyrighted work, including software (and digital locks are software, so any digital lock automatically gets this protection).
This is mind-bending, particularly because it's one of those things that's so unreasonable, so very, very stupid that it's easy to think you're misunderstanding it, because surely it can't be that stupid.
But oh, it is.
One of the best ways to grasp this point is to start with what you might do in a world without digital locks. Take your printer: if HP raises the price of ink, you might start to refill your cartridges or buy third-party cartridges. Obviously, this is not a copyright violation. Ink is not a copyrighted work. But once HP puts a digital lock on the printer that checks to see if you've done an end-run around the HP ink ripoff, then refilling your cartridge becomes illegal, because you have to break that digital lock to get your printer to use the ink you've chosen.
Or think about cars: taking your car to your mechanic does not violate anyone's copyright. If your car, you decide who fixes it. But all car makers use digital locks to prevent mechanics from reading out the diagnostic information they need to access to fix your car. If a mechanic wants to know why your check engine light has turned on, they have to buy a tool ā spending 5-figure sums every year for every manufacturer ā in order to decode that error. Now, it's your car, and error messages aren't copyrighted works, but bypassing the lock that prevents independent diagnosis is a crime, thanks to anticircumvention law.
Then there's app stores. You bought your console. You bought your phone. These devices are your property. If I want to sell you some software I've written so you can run it on your device, that's not a copyright violations. It is the literal opposite of a copyright violation: an author selling their copyrighted works to a customer who gets to enjoy those works using their own property. But the digital lock on your iPhone, Xbox, Playstation and Switch all prevent your device from running software unless it is delivered by the manufacturer's app store, which takes 30 cents out of every dollar you spend. Installing software without going through the manufacturer's app store requires that you break the device's digital lock, and that's a crime, which means that buying a copyrighted work from its author becomes a copyright violation!
This is what Jay Freeman calls "felony contempt of business model." We created laws ā again, in living memory, thanks to known individuals ā that had the foreseeable, explicit intent of making it illegal to disenshittify the products and services you rely on. We created this enshittogenic environment, and we got the enshittocene.
That's where "Who Broke the Internet?" comes in. We tell the story of Bruce Lehman, who was Bill Clinton's IP czar. Anticircumvention was really Lehman's brainchild, and he had a plan to make it the law of the land. When Al Gore was overseeing the demilitarization of the internet (the "Information Superhighway" proceedings), Lehman pitched this idea to him as the new rules of the road for the internet. To Gore's eternal credit, he flatly rejected Lehman's proposal as the batshit nonsense it plainly was.
So Lehman scuttled to Switzerland, where a UN agency, the World Intellectual Property Organization (WIPO) was crafting a pair of new treaties to create a global system of internet regulation. Lehman lobbied the national delegations to WIPO to put anticircumvention in their treaties, and he succeeded ā partially. WIPO is a very bad agency, since the majority of delegations that are sent to Geneva by the world's nations come from poor countries in the global south, and they're made up of experts in things like water, agriculture and child health. The vast majority of national reps at WIPO are not experts in IP, and they are often easy prey for fast-talking lobbyists from US-based media, pharma and tech companies, as well as the US government reps who carry their water.
But even at WIPO, Lehman's proposal was viewed as far too extreme. In the end, the anticircumvention rules embedded in the WIPO treaties are much more reasonable than Lehman's demands. Under the WIPO treaty, signatories must pass laws that make copyright infringement extra illegal if you have to break a digital lock on the way. But if you break a lock and you don't infringe copyright (say, because you refilled a printer cartridge, took your car to an independent mechanic, or got some software without using an app store), then you're fine.
Lehman's next move was to convince Congress that they needed to pass a version of the anticircumvention rule that went far beyond the obligations in the WIPO treaties. In this, he was joined by powerful, deep-pocketed lobbyists from Big Content, and later, Big Tech. They successfully pressured Congress into passing Section 1201 of the Digital Millennium Copyright Act in 1998 ā a law that protects digital locks, at the expense of copyright and the creative workers whom copyright is said to serve.
Lehman has repeatedly, publicly described this maneuver as "doing an end-run around Congress." Once America adopted this extreme anticircumvention rule, the US Trade Representative made it America's top priority to ram identical laws through the legislatures of all of America's trading partners, under the explicit or tacit threat of tariffs on any country that refused (the information minister of a Central American country once told me that the USTR threatened them, saying that if they didn't accept anticircumvention as a clause in the Central American Free Trade Agreement ā CAFTA ā they would lose their ability to export soybeans to America).
Canada took more than a decade to enact its own version of the anticircumvention rule, which was the source of public outrage by the USTR and US industry lobbyists. These neocolonialists found plenty of Parliamentary sellouts willing to introduce laws on their behalf, but every time this happened, the Canadian people reacted with a kind of mass outrage that had never been seen in response to highly technical proposals for internet regulation. For example, the Liberal MP Sam Bulte was challenged on her support of the rule by her Parkdale constituents at a public meeting, and had a screeching meltdown, screaming that she would not be "bullied by user-rights zealots and EFF members." Voters put "User-Rights Zealot" signs on their lawns and voted her out of office.
Anticircumvention remained a priority for the US, and they found new MPs to do their dirty work. Stephen Harper's Conservatives made multiple tries at this. After Jim Prentice utterly failed to get the rule through Parliament, the brief was picked up by Heritage Minister James Moore (who liked to call himself "the iPad Minister") and now-disgraced Industry minister Tony Clement. Clement and Moore tried to diffuse the opposition to the proposal by conducting a public consultation on it.
This backfired horribly. Over 6,000 Canadians wrote into the consultation with individual, detailed, personal critiques of anticircumvention, explaining how the rule would hurt them at work and at home. Only 53 submissions supported the rule. Moore threw away these 6,130 negative responses, justifying it by publicly calling them the "babyish" views of "radical extremists":
Named individuals created policies in living memory. They were warned about the foreseeable outcomes of those proposals. They passed them anyway ā and then no one held them accountable.
Until now.
The point of remembering where these policies came from isn't (merely) to ensure that these people are forever remembered as the monsters they showed themselves to be. Rather, it is to recover the true history of enshittification, the choices we made that led to enshittification, so that we can reverse those policies, disenshittify our tech, and give rise to a new, good internet that's fit for the purpose of being the global digital nervous system for a species facing a polycrisis of climate catastrophe, oligarchy, fascism and genocide.
There's never been a more urgent moment to reconsider those enshittificatory policies ā and there's never been a more auspicious moment, either. After all, Canada's anticircumvention law exists because it was supposed to guarantee tariff-free access to American markets. That promise has been shattered, permanently. It's time to get rid of that law, and make it legal for Canadian technologists to give the Canadian public the tools they need to escape from America's Big Tech bullies, who pick our pockets with junk-fees and lock-in, and who attack our social, legal and civil lives with social media walled gardens:
"Understood: Who Broke the Internet" is streaming now. We've got three more episodes to go ā part two drops on Monday (and it's a banger). You can subscribe to it wherever you get your podcasts, and here's the RSS feed:
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I'm on a tour with my new book, the international bestseller Enshittification: catch me next in Toronto (TOMORROW!), San Diego and Seattle! Full schedule here.
In their 2023 book Underground Empire, political scientists Henry Farrell and Abraham Newman describe how the modern world runs on US-based systems that other nations treat(ed) as neutral platforms, and how that is collapsing:
Think of the world's fiber optic cables: for most of the internet's history, it was a given that one end of the majority of the world's transoceanic fiber would make landfall on one of the coasts of the USA. US telcos paid to interconnect these fiber head-ends ā even ones on opposite coasts ā with extremely reliable, high-speed links.
This made a certain kind of sense. Pulling fiber across an ocean is incredibly expensive and difficult. Rather than run cables between each nation in the world, countries could connect to the US, and, in a single hop, connect to anywhere else.
This is a great deal, provided that you trust the USA to serve as an honest broker for the world's internet traffic. Then, in 2013, the Snowden leaks revealed that America's National Security Agency was spying on pretty much everyone in the world.
Since then, the world has undergone a boom in new transoceanic fiber, most of it point-to-point links between two countries. Despite the prodigious logistical advantages of a hub-and-spoke model for ocean-spanning fiber networks, there just isn't any nation on Earth that can be entrusted with the world's information chokepoint, lest they yield to temptation to become the world's gatekeeper.
Don't get me wrong: there are also advantages to decentralized (or even better, distributed) interconnections in the world's data infrastructure. A more dispersed network topology is more resilient against a variety of risks, from political interference to war to meteor strikes.
But connecting every country to every other country is a very expensive proposition. Our planet has 205 sovereign nations, and separately connecting each of them to the rest will require 20,910 links.
In complexity theory, this is an "Order N-squared" ("O(n^2)") problem ā every additional item in the problem set squares the number of operations needed to solve it. We aren't anywhere near a world where every country has a link to every other country on Earth. Instead, we're in an unsettled period, where warring theories about how to decentralize, and by how much, have created a weird, lopsided network topology.
Obviously, fiber interconnection isn't the most important "neutral platform" that the US (formerly) provided to the rest of the world. The most important American platform is the US dollar, which most countries in the world use as a reserve currency, and also as a standard for clearing international transactions. If someone in Thailand wants to buy oil from someone in Saudi Arabia, they do so in dollars. This is called "dollar clearing."
The case for dollar clearing is similar to the case for linking all the world's fiber through US data-centers. It's a big lift to ask every seller to price their goods in every potential buyer's currency, and it's a lot to ask every Thai baht holder to race around the world seeking someone who'll sell them Saudi riyals ā and then there's the problem of what they do with the change left over from the transaction.
Establishing liquid markets for every pair of every currency has the same kind of complexity as the problem of establishing fiber links between every country.
Since the mid-20th century, we've solved this problem by treating the US dollar as a neutral platform. Countries opened savings accounts at the US Federal Reserve and stashed large numbers of US dollars there (when someone says, "China owns umpty-billion in US debt," they just mean, "There's a bank account in New York at the Fed with China's name on it that has been marked up with lots of US dollars").
Merchants, institutions and individuals that wanted to transact across borders used the SWIFT system, which is nominally international, but which, practically speaking, is extremely deferential to the US government.
Issuing the world's reserve and reference currency was a source of enormous power for the US, but only to the extent that it used that power sparingly, and subtly. The power of dollarization depended on most people believing that the dollar was mostly neutral ā that the US wouldn't risk dollar primacy by nakedly weaponizing the dollar. Dollarization was a bet that America First hawks would have the emotional maturity to instrumentalize the dollar in the most sparing and subtle of fashion.
But today, no one believes that the dollar is neutral. First came the Argentine sovereign debt default: in 2001, the government of Argentina wiped out investors who were holding its bonds. In 2005, a group of American vulture capitalists scooped up this worthless paper for pennies, then sued in New York to force Argentina to make good on the bonds, and a US court handed over Argentina's foreign reserves, which were held on US soil.
That was the opening salvo in a series of events showed everyone in the world that the US dollar wasn't a neutral platform, but was, rather, a creature of US policy. This culminated with the Russian invasion of Ukraine, which saw the seizure of Russian assets in the USA and a general blockade on Russians using the SWIFT system to transfer money.
Whether or not you like the fact that Russian assets were transferred to Ukraine to aid in its defense against Russian aggression (I like it, for the record), there's no denying that this ended the pretense that the dollar was a neutral platform. It was a signal to every leader in the world that the dollar could only be relied upon for transaction clearing and foreign reserves to the extent that you didn't make the USA angry at you.
Today, Donald Trump has made it clear that the US's default posture to every country in the world is anger. The US no longer has allies, nor does it have trading partners. Today, every country in the world is America's adversary and its rival.
But de-dollarization isn't easy. It presents the same O(n^2) problem as rewiring the world's fiber: creating deep, liquid markets to trade every currency against every other currency is an impossible lift (thus far), and there's no obvious candidate as a replacement for the dollar as a clearing currency.
As with fiber, we are in an unsettled period, with no obvious answer, and lots of chaotic, one-off gestures towards de-dollarization. For example, Ethiopia is re-valuing its foreign debt in Chinese renminbi:
But fiber and dollars aren't the only seemingly neutral platforms that America provided to the world as a way of both facilitating the world's orderly operation and consolidating America's centrality and power on the global stage.
America is also the world's great digital exporter. The world's governments, corporations and households run on American cloud software, like Google Docs and Office365. Their records are held in Oracle databases. Their messages and media run on iPhones. Their cloud compute comes from AWS.
The Snowden revelations shook this arrangement, but it held. The EU extracted a series of (ultimately broken) promises from the US to the effect that America wouldn't spy on Europeans using Big Tech. And now, after a brittle decade of half-measures and uneasy peace with American tech platforms, Trump has made it clear that he will not hesitate to use American tech platforms to pursue his geopolitical goals.
Practically speaking, that means that government officials that make Trump angry can expect to have their cloud access terminated:
Trump can ā and does ā shut down entire international administrative agencies, without notice or appeal, as a means of coercing them into embracing American political goals.
What's more, US tech giants have stopped pretending that they will not share sensitive EU data ā even data housed on servers in the EU ā with American spy agencies, and will keep any such disclosures a secret from the European governments, companies and individuals who are affected:
But the Eurostack's proponents are really working on the preliminaries to digital sovereignty. It's not enough to have alternatives to US Big Tech. There also needs to be extensive work on migration tools, to facilitate the move to those alternatives. No one is going to manually copy/paste a million documents out of their ministry or corporation's GSuite repository and into a Eurostack equivalent. There are a few tools that do this today, but they're crude and hard to use, because they are probably illegal under America's widely exported IP laws.
Faithfully transferring those files, permissions, edit histories and metadata to new clouds will require a kind of guerrilla warfare called "adversarial interoperability." Adversarial interoperability is the process of making a new thing work with an existing thing, against the wishes of the existing thing's manufacturer:
The problem is that adversarial interoperability has been mostly criminalized in countries all around the world, thanks to IP laws that prohibit study, reverse engineering and modification of software without permission. These laws were spread all over the world at the insistence of the US Trade Representative, who, for 25 years, has made this America's top foreign trade priority.
Countries that balked at enacting laws were threatened with tariffs. Virtually every country in the world fell into line:
But then Trump happened. The Trump tariffs apply to countries that have voluntarily blocked their own investors and entrepreneurs from making billions by supplying products that unlock and improve America's enshittified tech exports. These blocks also exposed everyone in the world to the data- and cash-plundering scams of US Big Tech, by preventing the creation of privacy blockers, alt clients, jailbreaking kits, and independent app stores for phones, tablets and consoles.
What's more, the laws that block reverse-engineering are also used to block repair, forcing everyone from train operators to hospitals to drivers to everyday individuals to pay a high premium and endure long waits to get their equipment serviced by the manufacturer's authorized representatives:
These US-forced IP laws come at a high price. They allow American companies to pick your nation's pockets and steal its data. They interfere with repair and undermine resiliency. They also threaten security researchers who audit critical technologies and identify their dangerous defects:
On top of that, they expose your country to a range of devastating geopolitical attacks by the Trump administration, who have made it clear that they will order American tech companies to brick whole governments as punishment for failing to capitulate to US demands. And of course, all of these remote killswitches can be operated by anyone who can hack or trick the manufacturer, including the Chinese state:
Speaking of China, isn't this exactly the kind of thing we were warned would happen if we allowed Chinese technology into western telecommunications systems? The Chinese state would spy on us, and, in times of extremis, could shut down our critical infrastructure with a keystroke.
This is exactly what America is doing now (and has been doing for some time, as Snowden demonstrated). But it's actually pretty reasonable to assume that a regime as competent and ambitious (and ruthless) as Xi Jinping's might make use of this digital power if doing so serves its geopolitical goals.
And there is a hell of a lot of cloud-connected digital infrastructure that Xi does (or could) control, including the solar inverters and batteries that are swiftly replacing fossil fuel in the EU:
And if you're worried about China shutting down your solar energy, you should also worry about America's hold on the embedded processors in your country's critical systems.
Take tractors. Remember when Putin's thugs looted millions of dollars' worth of tractors from Ukraine and spirited them away to Chechnya? The John Deere company sent a kill command to those tractors and bricked them, rendering them permanently inoperable:
Sure, there's a certain cyberpunk frisson in this tale of a digital comeuppance for Russian aggressors. But think about this for ten seconds and you'll realize that it means that John Deere can shut down any tractor in the world ā including all the tractors in your country, if Donald Trump forces them to:
The national security case for digital sovereignty includes people worried about American aggression. It includes people worried about Chinese aggression. It includes people worried about other countries that might infiltrate and make use of these remote kill switches. And it includes people worried about criminals doing the same.
True digital sovereignty requires more than building Eurostack data-centers and the software to run on them. It requires more than repealing the IP laws that block cloud customers from migrating their data to those Eurostack servers. It requires the replacement of the cloud software and embedded code that power our infrastructure and administrative tools.
This is a gigantic task. Ripping out all the proprietary code that powers our cloud software and devices and replacing it with robust, auditable, user-modifiable free/open source software is a massive project.
It's also a project that's long overdue. And crises precipitate change. Putin's invasion of Ukraine vaporized every barrier to Europe's solar conversion, rocketing the bloc from ten years behind schedule to fifteen years ahead of schedule in just a few years.
The fact that changing out all the proprietary, opaque, vulnerable code in our world and replacing it with open, free, reliable code is hard has no bearing on whether it is necessary.
It is necessary. What's more, replacing all the code isn't like replacing the dollar, or replacing the fiber. It isn't hamstrung by the O(n^2) problem.
Because if the Eurostack code is open and free, it can also be the Canadian stack, the Mexican stack, the Ghanaian stack, and the Vietnamese stack. It can be a commons, a set of core technologies that everyone studies for vulnerabilities and improves, that everyone adds features to, that everyone localizes and administers and bears the costs for.
It is a novel and curious form of "international nationalism," a technology that is more like a science. In the same way that the Allies and the Axis both used the same radio technologies to communicate, a common, open digital infrastructure is one that everyone ā even adversaries ā can rely upon.
This is a move that's long overdue. It's a move that's in the power of every government, because it merely involves changing your own domestic laws to enable adversarial interoperability. Its success doesn't depend on a foreign state forcing Apple or Google or Microsoft or Oracle to do something they don't want to do:
The opportunity and challenge of building the post-American internet is part of the package of global de-Americanization, which includes running new fiber and de-dollarization. But the post-American internet is unique in that it is the only part of this project that can be solved everywhere, all at once, and that gets cheaper and easier as more nations join in.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog: