FOXTROT/ALFA: ESR Banned from OSI for Speaking His Mind, Alleged Assange Victim Wants UN Special Rapporteur to Step Down, EARN IT

Good evening everyone and welcome to issue 85 of FOXTROT/ALFA for Monday, 9 March 2020. I’m fully back in the saddle here and ready to resume my daily duties in writing this newsletter. But before we get into the tech news of the day, let me just lay some ground rules here.

Going forward, I will not report on any stories to do with the Coronavirus situation, even if they have a tech angle. This whole hysteria is getting ridiculous. If you’re in the group of high risk individuals with pre-existing conditions, you undoubtedly know by now. And if you are not, you have little to worry about. I refuse to keep spreading fear. You can find out about cancelled events and product shortages elsewhere. And to be honest, I don’t give a damn about the global economy. It’s always driven (up or down) by human stupidity, this isn’t anything new. So this newsletter will be a Corona-Free Zone from now on. I hope you understand.

With that out of the way, let’s see what happened over the weekend and today.

Facebook Facing a AU$529 Billion Fine

The Australian Information Commissioner is suing Facebook to a tune of AU$529 billion (roughly €304 billion) over the Cambridge Analytica Scandal.

In a case lodged with the Federal Court today, the Australian Information Commissioner, Angelene Falk, accused Facebook of exposing the data of 311,127 Australians between March 2014 and May 2015 through the This Is Your Digital Life app, a quiz that harvested the data of 87 million users worldwide.

The app, created by academic Aleksandr Kogan, was able to suck up so many users’ profiles because Facebook’s policies for developers using its Graph API at the time allowed apps to gather data not only from users, but also all of their friends.

The data was then sold on to consultants Cambridge Analytica, which used the data for political profiling, serving clients such as Donald Trump’s election team and the Leave campaign in the UK Brexit referendum. Although Cambridge Analytica registered a business in Australia shortly after Trump’s election, it was not used by any of the country’s political parties.

“The design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” Falk said in a statement.

Eric S. Raymond Banned from OSI’s Mailing Lists

Open Source Initiative (OSI) co-founder Eric S. Raymond says he has been banned from the organisation’s mailing lists among a debate about licensing rules. This comes about two months after the organisation’s other co-founder, Bruce Perens, quit the organisation for good over disagreements with the direction of OSI licensing decisions.

I – OSI’s co-founder and its president for its first six years – was kicked off their lists for being too rhetorically forceful in opposing certain recent attempts to subvert OSD clauses 5 and 6. This despite the fact that I had vocal support from multiple list members who thanked me for being willing to speak out.

The OSI hasn’t said why they have banned Raymond. They haven’t even confirmed the banning.

In an email to the mailing list in question, Raymond vehemently argues against attempts to create open source licenses that allow the owner of the copyright to exclude companies or individuals as users of code based on ethical considerations. The original founder of both the Open Source and Free Software movements were clear from the beginning that licenses with such clauses would be considered neither. They argued, quite reasonably, that you can’t fight for the freedom of everyone being able to use a program and, at the same time, exclude people based on ethical questions. They realised early on, that such ethical questions are always fraud with problems that are impossible to tackle for a software license (and the legal system it is based on).

Take the case I have discussed in this newsletter many times before: Employees regarding it unethical for their company (which is based in the US) to sell software to the US Immigration and Customs Enforcement (ICE) agency. They can certainly argue that, but what court would agree with them when it comes to enforcing a software license? ICE is an official government agency of a democratically constituted government in a federal republic. How can citizens of this republic argue that selling software to their own government is unethical? I mean, even if it was, wouldn’t that be a question of reforming ICE policy instead of a software licensing issue? This kind of argument makes no sense and only goes to show that people can have very different ideas on what is ethical and what isn’t. And it seems clear that Raymond and his fellow Open Source and Free Software pioneers saw this coming and, for good reasons, put protections like clauses 5 and 6 of the Open Source Definition (OSD) in place.

Raymond, a pretty hardcore libertarian, says it well when he summarises the change that is currently taking place in this arena:

It shouldn’t be news to anyone that there is an effort afoot to change – I would say corrupt – the fundamental premises of the open-source culture. Instead of meritocracy and “show me the code”, we are now urged to behave so that no-one will ever feel uncomfortable. In the process, the freedom to speak necessary truths even when the manner in which they are expressed is unpleasant is being gradually strangled.

The cost of a culture in which avoiding offense trumps the liberty to speak is that crybullies control the discourse. We are being social-hacked from being a culture in which freedom is the highest value to one in which it is trumped by the suppression of wrongthink and wrongspeak.

I might not agree with a lot of things Raymond has said in the past, but I do agree with that. And I also agree with his call to arms:

Wake up and speak out. Embrace the right to be rude – not because “rude” in itself is a good thing, but because the degenerative slide into suppression of disfavored opinions has to be stopped right where it starts, at the tone policing.

Fuck those people!

If you think Raymond is full of crap and his assertion that there’s a wider effort afoot to corrupt the ideas of open source, you might want to read this blog post by Bradley Kuhn, who comes from a diametrically opposed political point of view but sees the wider war that’s being fought over the Open Source Definition.

Spyware Maker NSO Group with a No-Show in Facebook Lawsuit, Now Says Facebook Was Lying

Facebook is suing Israeli spyware company NSO Group over alleged WhatsApp hacking. I’ve reported on it in this newsletter before. NSO Group didn’t even show up, which caused a default judgement to be rendered in favour of Facebook. Now NSO Group is claiming they weren’t even served papers correctly.

Facebook has been accused of lying to a US court in its ongoing legal battle against government malware maker NSO Group.

A series of filings from NSO lawyers lay out the Israeli security company’s reasoning for its no-show in court on 2 March, including the accusation that Facebook never properly served its lawyers with legal papers, despite telling the court that it had.

NSO’s legal team now say the Israeli government had told Zuck & Co’s lawyers that they had made a mistake with the necessary documents.

“Facebook’s underhanded tactics deceived the court into entering an improper default, and created a false narrative in the news media that unfairly described NSO Group as unresponsive to the case.”

In addition to throwing out the default judgement, NSO is asking the court to give it additional time (another 120 days) to respond to the suit.

It’s amazing that a company that sells spyware to governments (some of them, allegedly, not very democratic) is worried about the “narrative in the news media”.

Alleged Rape Victim Calls for UN Special Rapporteur on Torture to Step Down over Assange Comments

One of Julian Assange’s alleged rape victims in Sweden is calling for the United Nations Special Rapporteur on Torture, Nils Melzer, to step down after Melzer had criticised Assange’s continued prosecution. As Der Spiegel is reporting , Anna A. is accusing Melzer of lying and distorting facts. The woman says she “never felt so abused” as after Melzer’s statements. Melzer had said that some of the rape charges in Assange’s case were trumped up. The Swedish woman is accusing Melzer of “victim blaming” in response.

According to Der Spiegel, Melzer and the woman had exchanged emails prior to her calling for his resignation. In the emails, Melzer admitted that he might benefit from learning more facts in the case and that he didn’t mean to presume that Assange was innocent when it comes to the rape allegations.

Aside from Assange’s alleged victim, 300 lawyers and legal professors also criticised Melzer, says Der Spiegel. What my esteemed colleague neglects to mention in his article is that all charges against Assange were dropped in Sweden in November. So maybe Anna A. and all those lawyers and professors might want to criticise the Swedish legal system instead of the United Nations Special Rapporteur on Torture? Just an idea.

Google Rats Out Cyclist, Turns Him into a Burglary Suspect

There’s an amazing and very scary story of a guy who was ratted out to the police by Google for riding his bike by a house that was burglarised.

“It was a nightmare scenario,” McCoy recalled. “I was using an app to see how many miles I rode my bike and now it was putting me at the scene of the crime. And I was the lead suspect.”

Once McCoy realized his bike ride had placed him near the scene of the crime, he had a strong theory of why police had picked his device out of all the others swept up by the warrant. He and his lawyer set out to keep them from getting any more information about him – and persuade them that he was innocent.

“If you’re innocent, that doesn’t mean you can’t be in the wrong place at the wrong time, like going on a bike ride in which your GPS puts you in a position where police suspect you of a crime you didn’t commit,” McCoy said.

You can read the whole thing here, and it is well worth a read. If you’d rather have it in podcast form and can wait a day or two, you’re in luck because I plan to cover it on the next episode of The Private Citizen on Wednesday. You can subscribe to the show with this RSS feed.

New US Law Will Probably Sacrifice Encryption on the Altar of Combatting Child Pornography

Lawmakers are justifying a push to completely burn all encryption to the ground with child porn? Colour me surprised!

On Thursday, a bipartisan group of US senators introduced legislation with the ostensible purpose of combating child sexual abuse material (CSAM) online – at the apparent cost of encryption.

The law bill is called the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act, which folds up into the indignant acronym EARN IT. (See also the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act, aka the USA PATRIOT Act.)

Backed by senators Lindsey Graham (R-SC), Richard Blumenthal (D-CT), Josh Hawley (R-MO) and Dianne Feinstein (D-CA), the proposed law intends to make technology companies “earn” their exemption from liability allowed under Section 230 of the US Communications Decency Act by requiring internet companies to follow a set of best practices to keep CSAM off their networks.

Wait for it…

The best practices contemplated by the lawmakers have yet to be spelled out; they’re to be determined by a 19-member government commission that includes 4 non-government experts or “survivors of online child sexual exploitation.” Input from these four can be ignored, however, since the best practices require approval only of 14 commissioners. After that, the US Attorney General (AG), who is on the commission, can accept the guidelines, if the heads of the FTC and DHS agree, or send them back to be reformulated.

And therein lies the issue: based on the US government’s ongoing efforts to demonize encryption for leaving law enforcement in the dark and AG William Barr’s public opposition to encryption, technical experts expect the guidelines will force technology platforms to avoid encryption they can’t undo on-demand in order to check for the presence of CSAM.

“Because the AG continually lambastes end-to-end encrypted messaging for cloaking pedophiles’ exchanges of CSAM and grooming of child victims, this is code for ‘encryption is not a viable alternative best practice,’” explained Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, in a blog post. “This will be used to discourage any ‘product design’ that includes encryption that isn’t backdoored for law enforcement.”

I’d say all of this is media hyperbole, but The Register is pretty level-headed when it comes to politics and based on what I’ve seen of similar initiatives over the last twenty years, I completely buy their take on this.

The Hitchhiker’s Guide to the Galaxy is 42

Douglas Adams’ classic, The Hitchhiker’s Guide to the Galaxy, turned 42 on the weekend. The Register has a nice retrospective.

The weekend marked the 42nd anniversary of the first broadcast of The Hitchhiker’s Guide to the Galaxy, the hugely influential BBC radio show.

42 is a significant number for fans of the innovative series by Douglas Adams so (carefully) pour yourself a Pan Galactic Gargle Blaster, wrap yourself in a towel and join The Register for a trip back to 1978, when the BBC decided to do something quite different.

Also Noteworthy

Some other stories that you might find interesting:


This is an archived issue of my daily newsletter FOXTROT/ALFA. You can find more information about it, including how to subscribe via email, on this page.