net.wars

Gap year

What do Internet users want?

First, they want meaningful access. They want usability. They want not to be scammed, manipulated, lied to, exploited, or cheated.

It’s unlikely that any of the ongoing debates in either the US or UK will deliver any of those.

First and foremost, this week concluded two frustrating years in which the US Senate failed to confirm the appointment of Public Knowledge co-founder and EFF board member Gigi Sohn to the Federal Communications Commission. In her withdrawal statement, Sohn blamed a smear campaign by “legions of cable and media industry lobbyists, their bought-and-paid-for surrogates, and dark money political groups with bottomless pockets”.

Whether you agree or not, the result remains that for the last two years and for the foreseeable future the FCC will remain deadlocked and problems such as the US’s lack of competition and patchy broadband provision will remain unsolved.

Meanwhile, US politicians continue obsessing about whether and how to abort-retry-fail Section 230, that pesky 26-word law that relieves Internet hosts of liability for third-party content. This week it was the turn of the Senate Judiciary Committee. In its hearing, the Internet Society’s Andrew Sullivan stood out for trying to get across to lawmakers that S230 wasn’t – couldn’t have been – intended as protectionism for the technology giants because they did not exist when the law was passed. It’s fair to say that S230 helped allow the growth of *some* Internet companies – those that host user-generated content. That means all the social media sites as well as web boards and blogs and Google’s search engine and Amazon’s reviews, but neither Apple nor Netflix makes its living that way. Attacking the technology giants is a popular pasttime just now, but throwing out S230 without due attention to the unexpected collateral damage will just make them bigger.

Also on the US political mind is a proposed ban on TikTok. It’s hard to think of a move that would more quickly alienate young people. Plus, it fails to get at the root problem. If the fear is that TikTok gathers data on Americans and sends it home to China for use in designing manipulative programs…well, why single out TikTok when it lives in a forest of US companies doing the same kind of thing? As Karl Bode writes at TechDirt, if you really want to mitigate that threat, rein in the whole forest. Otherwise, if China really wants that data it can buy it on the open market.

Meanwhile, in the UK, as noted last week, opposition continues to increase to the clauses in the Online Safety bill proposing to undermine end-to-end encryption by requiring platforms to proactively scan private messages. This week, WhatsApp said it would withdraw its app from the UK rather than comply. However important the UK market is, it can’t possibly be big enough for Meta to risk fines of 4% of global revenues and criminal sanctions for executives. The really dumb thing is that everyone within the government uses WhatsApp because of its convenience and security, and we all know it. Or do they think they’ll have special access denied the rest of the population?

Also in the UK this week, the Data Protection and Digital Information bill returned to Parliament for its second reading. This is the UK’s post-Brexit attempt to “take control” by revising the EU’s General Data Protection Regulation; it was delayed during Liz Truss’s brief and destructive outing as prime minister. In its statement, the government talks about reducing the burdens on businesses without any apparent recognition that divergence from GDPR is risky for anyone trading internationally and complying with two regimes must inevitably be more expensive than complying with one.

The Open Rights Group and 25 other civil society organizations have written a letter (PDF) laying out their objections, noting that the proposed bill, in line with other recent legislation that weakens civil rights, weakens oversight and corporate accountability, lessens individuals’ rights, and weakens the independence of the Information Commissioner’s Office. “Co-designed with businesses from the start” is how the government describes the bill. But data protection law was not supposed to be designed for business – or, as Peter Geoghegan says at the London Review of Books, to aid SLAPP suits; it is supposed to protect our human rights in the face of state and corporate power. As the cryptography pioneer Whit Diffie said in 2019, “The problem isn’t privacy; it’s corporate malfeasance.”

The most depressing thing about all of these discussions is that the public interest is the loser in all of them. It makes no sense to focus on TikTok when US companies are just as aggressive in exploiting users’ data. It makes no sense to focus solely on the technology giants when the point of S230 was to protect small businesses, non-profits, and hobbyists. And it makes no sense to undermine the security afforded by end-to-end encryption when it’s essential for protecting the vulnerable people the Online Safety bill is supposed to help. In a survey, EDRi finds that compromising secure messaging is highly unpopular with young people, who clearly understand the risks to political activism and gender identity exploration.

One of the most disturbing aspects of our politics in this century so far is the widening gap between what people want, need, and know and the things politicians obsess about. We’re seeing this reflected in Internet policy, and it’s not helpful.

Illustrations: Andrew Sullivan, president of the Internet Society, testifying in front of the Senate Judiciary Committee.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Follow on Mastodon or Twitter.

Ghostwritten

This week’s deliberate leak of 100,000 WhatsApp messages sent between the retiring MP Matt Hancock (Con-West Suffolk) and his cabinet colleagues and scientific advisers offers several lessons for the future. Hancock was the health minister during the first year of the covid-19 pandemic, but forced to resign in June 2021, when he was caught on a security camera snogging an adviser in contravention of the social distancing rules.

The most ignored lesson relates to cybersecurity, and is simple: electronic messages are always at risk of copying and disclosure.

This leak happened to coincide with the revival of debates around the future of strong encryption in the UK. First, the pending Online Safety bill has provisions that taken together would undermine all encrypted communications. Simultaneously, a consultation on serious and organized crime proposes to criminalize “custom” encryption devices. A “dictionary attack”, Tim Cushing calls this idea at Techdirt, in that the government will get to define the crime at will.

The Online Safety Bill is the more imminent problem; it has already passed the House of Commons and is at the committee stage in the House of Lords. The bill requires service providers to protect children by proactively removing harmful content, whether public or private, and threatens criminal liability for executives of companies that fail to comply.

Signal, which is basically the same as WhatsApp without the Facebook ownership, has already said it will leave the country if the Online Safety bill passes with the provisions undermining encryption intact.

It’s hard to see what else Signal could do. It’s not a company that has to weigh its principles against the loss of revenue. Instead, as a California non-profit, its biggest asset is the trust of its user base, and staying in a country that has outlawed private communications would kill that off at speed. In threatening to leave it has company: the British secure communications company Element, which said the provisions would taint any secure communications product coming out of the UK – presumably even for its UK customers, such as the Ministry of Defence.

What the Hancock leak reminds us, however, is that encryption, even when appropriately strong and applied end-to-end, is not enough by itself to protect security. You must also be able to trust everyone in the chain to store the messages safely and respect their confidentiality. The biggest threat is careless or malicious insiders, who can undermine security in all sorts of ways. Signal (as an example) provides the ability to encrypt the message database, to disappear messages on an automated schedule, password protection, and so on. If you’re an activist in a hostile area, you may be diligent about turning all these on. But you have no way of knowing if your correspondents are just as careful.

In the case at hand, Hancock gave the messages to the ghost writer for his December 2022 book Pandemic Diaries, Isabel Oakeshott, after requiring her to sign a non-disclosure agreement that he must have thought would protect him, if not his colleagues, from unwanted disclosures. Oakeshott, who claims she acted in the public interest, decided to give the messages to the Daily Telegraph, which is now mining them for stories.

Digression: whatever Oakeshott’s personal motives, there is certainly public interest in these messages. The tone of many quoted exchanges confirms the public perception of the elitism and fecklessness of many of those in government. More interesting is the close-up look at decision making in conditions of uncertainty, which to some filled with hindsight looks like ignorance and impatience. It’s astonishing how quickly people have forgotten how much we didn’t know. As mathematician Christina Pagel told the BBC’s Newsnight, you can’t wait for more evidence when the infection rate is doubling every four days.

What they didn’t know and when they didn’t know it will be an important part of piecing together what actually happened. The mathematician Kit Yates has dissected another exchange, in which Boris Johnson queries his scientific advisers about fatality rates. Yates argues that in assessing this exchange timing ise everything. Had it been in early 2020, it would be understandable to confuse infection fatality rates and case fatality rates, though less so to confuse fractions (0.04) and percentages (4%). Yates pillories Johnson because in fact that exchange took place in August 2020, by which time greater knowledge should have conferred greater clarity. That said, security people might find familiar Johnson’s behavior in this exchange, where he appears to see the Financial Times as a greater authority than the scientists. Isn’t that just like every company CEO?

Exchanges like that are no doubt why the participants wanted the messages kept private. In a crisis, you need to be able to ask stupid questions. It would be better to have a prime minister who can do math and who sweats the details, but if that’s not what we’ve got I’d rather he at least asked for clarification.

Still, as we head into yet another round of the crypto wars, the bottom line is this: neither technology nor law prevented these messages from leaking out some 30 years early. We need the technology. We need the law on our side. But even then, your confidences are only ever as private as your correspondent(s) and their trust network(s) will allow.

Illustrations: The soon-to-be-former-MP Matt Hancock, on I’m a Celebrity.

A world of lawsuits

In the US this week the Supreme Court heard arguments in two cases centered on Section 230, the US law that shields online platforms from liability for third-party content. In Paris, UNESCO convened Internet for Trust to bring together governments and civil society to contemplate global solutions to the persistent problems of Internet regulation. And in the business of cyberspace, in what looks like desperation to stay afloat Twitter began barring non-paying users (that is, the 99.8% of its user base that *doesn’t* subscribe to Twitter Blue) from using two-factor authentication via SMS and Meta announced plans for a Twitter Blue-like subscription service for its Facebook, Instagram, and WhatsApp platforms.

In other words, the above policy discussions are happening exactly at the moment when, for the first time in nearly two decades, two of the platforms whose influence everyone is most worried about may be beginning to implode. Twitter’s issues are well-known. Meta’s revenues are big enough that there’s a long way for them to fall…but the company is spending large fortunes on developing the Metaverse, which no one may want, and watching its ad sales shrink and data protection fines rise.

The SCOTUS hearings – Gonzalez v. Google, experts’ live blog, Twitter v. Taamneh – have been widely covered in detail. In most cases, writers note that trying to discern the court’s eventual ruling from the justices’ questions is about as accurate as reading tea leaves. Nonetheless, Columbia professor Tim Wu predicts that Gonzalez will lose but that Taamneh could be very close.

In Gonzalez, the parents of a 23-year-old student killed in a 2015 ISIS attack in Paris argue that YouTube should be liable for radicalizing individuals via videos found and recommended on its platform. In Taamneh, the family of a Jordanian citizen who died in a 2017 ISIS attack in Istanbul sued Twitter, Google, and Facebook for failing to control terrorist content on their sites under anti-terrorism laws. A ruling assigning liability in either case could be consequential for S230. At TechDirt, Mike Masnick has an excellent summary of the Gonzalez hearing, as well as a preview of both cases.

Taamneh, on the other hand, asks whether social media sites are “aiding and abetting” terrorism via their recommendations engines under Section 2333 of the Antiterrorism and Effective Death Penalty Act (1996). Under the Justice Against Sponsors of Terrorism Act (2016) any US national who is injured by an act of international terorrism can sue anyone who “aids and abets by knowingly providing substantial assistance” to anyone committing such an act. The case turns on how much Twitter knows about its individual users and what constitutes substantial assistance. There has been some concern, expressed in amicus briefs, that making online intermediaries liable for terrorist content will result in overzealous content moderation. Lawfare has a good summary of the cases and the amicus briefs they’ve attracted.

Contrary to what many people seem to think, while S230 allows content moderation, it’s not a law that disproportionately protects large platforms, which didn’t exist when it was enacted. As Kosseff tells Gizmodo: without liability protection a local newspaper or personal blog could not risk publishing reader comments, and Wikipedia could not function. Justice Elena Kagan has been mocked for saying the justices are “not the nine greatest experts on the Internet”, but she grasped perfectly that undermining S230 could create “a world of lawsuits”.

For the last few years, both Democrats and Republicans have called for S230 reform, but for different reasons. Democrats fret about the proliferation of misinformation; Republicans complain that they (“conservative voices”) are being censored. The global level seen at the UNESCO event took a broader view in trying to draft a framework for self-regulation. While it wouldn’t be binding, there’s some value in having an multi-stakeholder-agreed standard against which individual governmental proposals can be evaluated. One of the big gaps in the UK’s Online Safety bill;, for example, is the failure to tackle misinformation or disinformation campaigns. Neither reforming S230 nor a framework for self-regulation will solve that problem either: over the last few years too much of the most widely-disseminated disinformation has been posted from official accounts belonging to world leaders.

One interesting aspect is how many new types of “content” have been created since S230’s passage in 1996, when the dominant web analogy was print publishing. It’s not just recommendation algorithms; are “likes” third-party content? Are the thumbnails YouTube’s algorithm selects to show each visitor on its front page to entice viewers presentation or publishing?

In his biography of S230, The Twenty-Six Words That Created the Internet, Jeff Kosseff notes that although similar provisions exist in other legislation across the world, S230 is unique in that only America privileges freedom of speech to such an extreme extent. Most other countries aim for more of a balance between freedom of expression and privacy. In 1997, it was easy to believe that S230 enabled the Internet to export the US’s First Amendment around the world like a stowaway. Today, it seems more like the first answer to an eternally-recurring debate. Despite its problems, like democracy itself, it may continue to be the least-worst option.

Illustrations: US senator and S230 co-author Ron Wyden (D-OR) in 2011 (by JS Lasica via Wikimedia.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an archive of earlier columns backj to 2001. Follow on Mastodon or Twitter.

Esquivalience

The science fiction author Charles Stross had a moment of excitement on Mastodon this week: WRITER CHALLENGE!.

Stross challenged writers to use the word “esquivalience” in their work. The basic idea: turn this Pinocchio word into a “real” word.

Esquivalience is the linguistic equivalent of a man-made lake. The creator, editor Christine Lindberg, invented it for the 2001 edition of the New American Oxford Dictionary and defined it as “the willful avoidance of one’s official responsibilities; the shirking of duties”. It was a trap to catch anyone republishing the dictionary rather than developing their own (a job I have actually done). This is a common tactic for protecting large compilations where it’s hard to prove copying – fake streets are added to maps, for example, and the people who rent out mailing lists add ringers whose use will alert them if the list is used outside the bounds of the contractual agreement.

There is, however, something peculiarly distasteful about fake entries in supposedly authoritative dictionaries, even though I agree with Lindberg that “esquivalience” is a pretty useful addition to the language. It’s perfect – perhaps in the obvious adjectival form “esquivalient” – for numerous contemporary politicians, though here be dragons: “willful” risks libel actions.

Probably most writers have wanted to make up words, and many have, from playwright and drama critic George S. Kaufman, often credited for coining, among other things, “underwhelmed”, to Anthony Burgess, who invented an entire futurist street language for A Clockwork Orange. Some have gone so far as to create enough words to publish dictionaries – such as the humorist Gelett Burgess, whose Burgess Unabridged (free ebook!) compiles “words you’ve always needed”. From that collection, I have always been particularly fond of Burgess’s “wox”, defined as “a state of placid enjoyment; sluggish satisfaction”. It seems particularly apt in the hours immediately following Thanksgiving dinner.

In these cases, though, the context lets you know the language is made up. The dictionary is supposed to be authoritative, admitting words only after they are well-established. The presence of fake words feels damaging in a way that a fake place on a map doesn’t. It’s comparatively easy to check whether a place exists by going there, but at some point down the echoing corridors of time *every* word was used for the first time. Pinpointing exactly when is hard unless someone ‘fesses up. I don’t like the idea that my dictionary is lying to me. Better if NOAD had planted two fake words and had them recursively point at each other for their definitions.

I had been avoiding the ChatGPT hoopla, but it seemed plausible to ask it: Is “esquivalience” a real word?” Its response started well enough: “‘Esquivalience’ is not recognized as a standard word in the English language. It is a made-up word…” And then cuckoo land arrived: “…that was created by a writer named Adam Jacot de Boinod for his book “The Meaning of Tingo”.” Pause to research. The book in question was written in 2006. The word “esquivalience” does not, from a quick text search, appear in it. Huh? I went on to suggest Christine Lindberg’s name to ChatGPT, and after a digression attributing the word to the singer-songwriter Christine Lavin, it appeared to find references to Lindberg’s “claim” in its corpus of data. But, it continued to warn, in every response, “it is still not recognized as a standard word in the English language”. It’s a bot. It’s not being stern. It doesn’t know what it’s saying. Getting it to agree on Christine Lindberg as the original source isn’t winning the argument. It’s just giving it a different prompt.

I ask if it has ever encountered the word “wox”. “As an AI language model, I have certainly come across the word ‘wox’.” A human reads lightly insulted pride into that. Resist. It’s a bot. It has no pride. The bot went on to speculate on possible origins (“it may be a neologism…”). I ask if it’s heard of Gelett Burgess. Oh, yes, followed by a short biography. Then, when told Burgess invented “wox”: “Gelett Burgess did indeed invent the word…” and goes on to cite the correct book…but then continues that Burgess defined it as “to make fun of, to poke fun at” which is absolutely not what Burgess says, and I know this because I have the original 1914 book right here, and the definition I cited above is right there on p112. The bot does “apologize” every time you point out a mistake, though.

This isn’t much of a sample, but based on it, I find ChatGPT quite alarming as an extraordinarily efficient way of undermining factual knowledge. The responses sound authoritative, but every point must be fact-checked. It could not be worse-suited for today’s world, where everyone wants fast answers. Coupled with search, it turns the algorithms that give us answers into even more obscure and less trustworthy black boxes. Wikipedia has many flaws, but its single biggest strength is its sourcing and curation; how every page has been changed and shaped over the years is open for inspection.

So when ChatGPT went on to say that Gelett Burgess is widely credited with coining the term “blurb”, Wikipedia is where I turned. Wikipedia agrees (asked, ChatGPT cites the Oxford English Dictionary). Burgess FTW.

Illustrations: Gelett Burgess’s 1914 Burgess Unabridged, a dictionary of made-up words.

Review: Survival of the Richest

A former junior minister who’d been a publicity magnet while in office once told me that it’s impossible to travel on the tube when you’re famous – except in morning rush hour, when everyone glumly hides behind their newspaper. (This was some while ago, before smartphones.)

It was the first time I’d realized that if you were going to be famous it was wise to also be rich enough to buy yourself some personal space. The problem we face today is that we have multi-billionaires who are so rich that they can surround themselves with nothing *but* personal space, and rain in the form of other people never falls into their lives.

In fact, as Douglas Rushkoff writes in Survival of the Richest, this class of human sees the rest of us as an impediment to their own survival. Instead, they want to extract everything they can from us and then achieve escape velocity as completely as possible.

Rushkoff came to realize this when he was transported far out into the American southwestern desert by a pentangle of multi-billionaires who wanted advice: what, in his opinion, was the best way to hide from out and survive various prospective catastrophes (“The Event”)? Climate change, pandemics, mass migration, and resource depletion – where to go and for how long? Alaska, New Zealand, Mars, or the Metaverse: all their ideas about the future involved escaping humanity. Except: what, one wanted to know, would be the best way to keep control of their private security force?

This was the moment when Rushkoff discovered what he calls “The Mindset”, whose origins and development are what the book is really about. It is, he writes, “a mindset where ‘winning’ means earning enough money to insulate themselves from the damage they are creating by earning money in that way. It’s as if they want to build a car that goes fast enough to escape from its own exhaust”. The Mindset is a game – and a game needs an end: in this case, a catastrophe they can invent a technology to escape.

He goes on to tease out the elements of The Mindset: financial abstraction, Richard Dawkins’ memes that see humans as machines running code with no pesky questions of morals, technology design, the type of philanthropy that hands out vaccines but refuses to waive patents so lower-income countries can make them. The Mindset comprehends competition, but not collaboration even though, as Rushkoff notes, our greatest achievement, science, is entirely collaborative.

‘Twas not ever thus. Go back to Apple’s famous 1984 Super Bowl ad and recall the promise that ushered in the first personal computers: empower the masses and destroy the monolith (at the time, IBM). Now, the top 0.1% compete to “win” control of all they survey, the top 1% scrabble for their pocket change, and the rest subsist on whatever is too small for them to notice. This is not the future we thought we were buying into.

As Rushkoff concludes, the inevitability narrative that accompanies so much technological progress is nonsense. We have choices. We can choose to define value in social terms rather than exit strategies. We can build companies and services – and successful cooperatives – to serve people and stop expanding them when they reach the size that fits their purpose. We do not have to believe today’s winners when they tell us a more equitable world is impossible. We don’t need escape fantasies; we can change reality.

Inappt

Recently, it took a flatwoven wool rug cmore than two weeks to travel from Luton, Bedfordshire to southwest London. The rug’s source – an Etsy seller – and I sent back and forth dozens of messages. It would be there tomorrow. Oh, no, the courier now says Wednesday. Um, Friday. Er, next week. I can send you a different rug, if you want to choose one. No.

In the end, the rug arrived into my life. I don’t dare decide it’s the wrong color.

I would dismiss this as a one-off aberration, except that a few weeks ago the intended recipient of a parcel sent at the beginning of November casually mentioned they had never received it. Upon chasing, the courier company replied: “Despite an extensive investigation, we have not been able to locate your parcel.”

I would dismiss those as a two-off aberration except that late last year the post office tracking on yet another item went on showing it stuck in some unidentifiable depot somewhere for two weeks. Eventually, I applied brain and logic and went down to the nearest delivery office and there it was, waiting for me to pay the customs fee specified on the card I never received. It was only a few days away from being sent back.

And I would dismiss those as a three-off aberration except that two weeks ago I was notified to expect a package from a company whose name I didn’t recognize between 7pm and 9pm. I therefore felt perfectly safe to go into the room furthest from the front door, the kitchen, and wash some dishes at 5:30. Nope. They delivered at 5:48, I didn’t hear them, and I had a hard time figuring out whom to contact to persuade them to redeliver.

The point about all this is not to yell at random couriers to get off my lawn but to note that at least this part of the app-based economy has stopped delivering the results it promised. Less than ten years since these companies set out to disrupt delivery services by providing lower prices, accurate information, on-time deliveries, and constant tracking, we’re back to waiting at home for unspecified numbers of hours wondering if they’re going to show and struggling to trace lost packages. Only this time, there’s no customer service, working conditions and pay are much worse for drivers and delivery folk, and the closure of many local outlets has left us all far more dependent on them.

***

Also falling over this week, as widely reported (because: journalists), was Twitter, which for a time on Wednesday barred posting new tweets unless they were posted via the kind of scheduling software that the site is limiting). Many of us have been expecting outages ever since November, when Charlie Warzel at The Atlantic and Chris Stokel-Walker at MIT Technology Review interviewed Twitter engineers past and present. All of them warned that the many staff cuts and shrinking budgets have left the service undersupplied with people who can keep the site running and that outages of increasing impact should be expected.

Nonetheless, the “Apocalypse, Now!” reporting that ensued was about as sensible as the reporting earlier in the week that the Fediverse was failing to keep the Tweeters who flooded there beginning in November. In response, https://www.techdirt.com/2023/02/08/lazy-reporters-claiming-fediverse-is-slumping-despite-massive-increase-in-usage/ Mike Masnick noted at TechDirt how silly this was. Because: 1) There’s a lot more to the Fediverse than just Mastodon, which is all these reporters looked at; 2) even then, Mastodon had lost a little from its peak but was still vastly more active than before November; 3) it’s hard for people to change their habits, and they will revert to what’s familiar if they don’t see a reason why they can’t; and 4) it’s still early days. So, meh.

However, Zeynep Tufekci reminds that Twitter’s outage is entertainment only for the privileged; for those trying to coordinate rescue and aid efforts for Turkey, Twitter is an essential tool.

***

While we’re sniping at the failings of current journalism, it appears that yet another technology has been overhyped: DoNotPay, “the world’s first robot lawyer”, the bot written by a British university student that has supposedly been helping folks successfully contest traffic tickets. Masnick (again) and Kathryn Tewson have been covering the story for TechDirt. Tewson, a paralegal, has taken advantage of the fact that cities publish their parking ticket data in order to study DoNotPay’s claims in detail.

TechDirt almost ran a skeptical article about the service in 2017. Suffice to say that now Masnick concludes, “I wish that DoNotPay actually could do much of what it claims to do. It sounds like it could be a really useful service…”

***

The pile-up of this sort of thing – apps that disrupt and then degrade service, technology that’s overhyped (see also self-driving cars), flat-out fraud (see cryptocurrencies), breathless media reporting of nothing much – is probably why I have been unable to raise any excitement over the wow-du-jour, ChatGPT. It seems obvious that of course it can’t read, and can’t understand anything it’s typing, and that sober assessment of what it might be good for is some way off. In the New Yorker, Ted Chiang puts it in its place: think of it as a blurred JPEG. Sounds about right.

Illustrations: Drunk parrot (taken by Simon Bisson).

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard – or follow on Mastodon or Twitter.

Disequilibrium

“Things like [the Net[ tend to be self-balancing,” (then) IBM security engineer David Chess tells Andrew Leonard at the end of his 1997 book Bots: The Origin of New Spccies. “If some behavior gets so out of control that it really impacts the community, the community responds with whatever it takes to get back to an acceptable equilibrium. Organic systems are like that.”

When Leonard was writing, Usenet was the largest social medium. Quake was the latest hot video game, and text-only multi-player games were still mainstream. CompuServe and AOL were competing to be the biggest commercial information service. In pocket computers, the Palm Pilot was a year old and selling by the million. And: everyone still used modems; broadband trials were two years away.

It was also a period of what Leonard calls “decentralized anarchy”: that is, the web was new and open (and IRC and Usenet were old and open), and it was reasonable to predict that bots would be the newest wave of personal empowerment.

Here in 2023, we’ve spent the last ten years complaining about the increasing centralization of the web, and although bots are in fact all around us, no service provides the kind of tools that would allow the technologically limited to write them and dispatch them to do our bidding. In fact, on the corporately-owned web, bots only exist if some large company agrees they may. Yesterday, Twitter decided it doesn’t agree to their existence any more, at least not for free; as of February 9 developers must pay for access to Twitter’s application programming interface, which was free until now. Pricing is yet to be announced.

APIs are gateways through which computer programs can interoperate. Twitter’s APIs allow developers to build apps that let users analyze their social graph, block abuse, manage ad campaigns, log in to other sites across the web, and, lately, help you find and connect with the people in your Twitter list who are also on Mastodon; they also enable researchers to study online behavior and make possible apps that roll threads into a correctly ordered single page and many more, as Jess Wetherbed explains at The Verge. Many of these uses are not revenue-generating and not intended to be; most will likely shut down. It will be a fascinating chance to discover what bots have actually been doing for us on the service. Their absence will expose Twitter’s bare bones.

However, as Charles Arthur writes at his Social Warming Substack, the move won’t deter the *other* kind of bots – that is, the ones people complain about: paid influencers, scammers, automated accounts, and so on, which can’t be killed at scale and aren’t using the API.

This all follows Twitter’s move two weeks ago to block third-party clients without notice. Granted, Twitter needs money: its change of ownership loaded its balance sheet with debt, its ad revenues have reportedly plummeted, and its efforts to find new revenue streams are not going well. If fears of Twitter’s demise and the return of users previously banned for bad behavior weren’t enough to send users scrambling to other services, this new move, as Mike Masnick quips at TechDirt, seems perfectly designed to send even more users and developers to Mastodon, where openness is a founding principle and therefore where years of effort can’t be undone in a second by owner decree.

The really interesting question is not so much whether Twitter can survive as a closed-garden paywalled channel, which seems to be its direction of travel, but whether its enclosure represents the kind of disruption that Chess was talking about: one that becomes an inflection point. Earlier attempts to swim against the tide of centralization represented by Facebook and the rest of Web 2.0, such as the 2010-founded Diaspora, have never really caught fire.

It’s tempting to make tennis analogies: often, when a new champion becomes dominant a contributing factor is nerves or self-destruction on the part of the top players they have to beat. And right now there’s Twitter destroying its assets to suit the whims of a despotic owner, Facebook panic-spending to try to secure itself a future with technology it hopes will restore the company’s youthful glow, the ad market that supports all these companies shrinking, and governments setting privacy and antitrust laws to stun.

It’s also true that users are different now. The teens who lied about their ages to get onto Facebook in 2010 are in their mid-20s. An increasing number of the 40-something parents of today’s teens have had broadband Internet access their entire adult lives. The users exploding into the combination of smart phones and social media in 2010 needed much more help than they do today, help that slick user design provided. But part of that promise was also keeping users safe – and there the social media companies have failed in all directions and at all scales.

If this really is the moment where the Internet reverts to decentralized anarchy and rediscovers the joys of connecting without the data collection, intrusive advertising, and manipulation, governments will seek to reimpose control. And the laws to help them – for example, Britain’s Online Safety bill – are close to passage. This will be a rough ride.

Illustrations: The Twitter bird flying upside down.

Re-centralizing

But first, a housekeeping update. Net.wars has moved – to a new address and new blogging software. For details, see here. If you read net.wars via RSS, adjust your feed to https://netwars.pelicancrossing.net. Past posts’ old URLs will continue to work, as will the archive index page, which lists every net.wars column back to November 2001. And because of the move: comments are now open for the first time in probably about ten years. I will also shortly set up a mailing list for those who would rather get net.wars by email.

***

This week the Ada Lovelace Institute held a panel discussion of ethics for researchers in AI. Arguably, not a moment too soon.

At Noema magazine, Timnet Gebru writes, as Mary L Gray and Siddharth Suri have previously, that what today passes for “AI” and “machine learning” is, underneath, the work of millions of poorly-paid marginalized workers who add labels, evaluate content, and provide verification. At Wired, Gebru adds that their efforts are ultimately directed by a handful of Silicon Valley billionaires whose interests are far from what’s good for the rest of us. That would be the “rest of us” who are being used, willingly or not, knowingly or not, as experimental research subjects.

Two weeks ago, for example, a company called Koko ran an experiment offering chatbot-written/human-overseen mental health counseling without informing the 4,000 people who sought help via the “Koko Cares” Discord server. In a Twitter thread. company co-founder Rob Morris said those users rated the bot’s responses highly until they found out a bot had written them.

People can build relationships with anything, including chatbots, as was proved in 1996 with the release of the experimental chatbot therapist Eliza. People found Eliza’s responses comforting even though they knew it was a bot. Here, however, informed consent processes seem to have been ignored. Morris’s response, when widely criticized for the unethical nature of this little experiment was to say it was exempt from informed consent requirements because helpers could opt whether to use the chatbot’s reponses and Koko had no plan to publish the results.

One would like it to be obvious that *publication* is not the biggest threat to vulnerable people in search of help. One would also like modern technology CEOs to have learned the right lesson from prior incidents such as Facebook’s 2012 experiment to study users’ moods when it manipulated their newsfeeds. Facebook COO Sheryl Sandberg apologized for *how the experiment was communicated*, but not for doing it. At the time, we thought that logic suggested that such companies would continue to do the research but without publishing the results. Though isn’t tweeting publication?

It seems clear that scale is part of the problem here, like the old saying, one death is a tragedy; a million deaths are a statistic. Even the most sociopathic chatbot owner is unlikely to enlist an experimental chatbot to respond to a friend or family member in distress. But once a screen intervenes, the thousands of humans on the other side are just a pile of user IDs; that’s part of how we get so much online abuse. For those with unlimited control over the system we must all look like ants. And who wouldn’t experiment on ants?

In that sense, the efforts of the Ada Lovelace panel to sketch out the diligence researchers should follow are welcome. But the reality of human nature is that it will always be possible to find someone unscrupulous to do unethical research – and the reality of business nature is not to care much about research ethics if the resulting technology will generate profits. Listening to all those earnest, worried researchers left me writing this comment: MBAs need ethics. MBAs, government officials, and anyone else who is in charge of how new technologies are used and whose decisions affect the lives of the people those technologies are imposed upon.

This seemed even more true a day later, at the annual activists’ gathering Privacy Camp. In a panel on the proliferation of surveillance technology at the borders, speakers noted that every new technology that could be turned to helping migrants is instead being weaponized against them. The Border Violence Monitoring Network has collected thousands of such testimonies.

The especially relevant bit came when Hope Barker, a senior policy analyst with BVMN, noted this problem with the forthcoming AI Act: accountability is aimed at developers and researchers, not users.

Granted, technology that’s aborted in the lab isn’t available for abuse. But no technology stays the same after leaving the lab; it gets adapted, altered, updated, merged with other technologies, and turned to uses the researchers never imagined – as Wendy Hall noted in moderating the Ada Lovelace panel. And if we have learned anything from the last 20 years it is that over time technology services enshittify, to borrow Cory Doctorow’s term in a rant which covers the degradation of the services offered by Amazon, Facebook, and soon, he predicts, TikTok.

The systems we call “AI” today have this in common with those services: they are centralized. They are technologies that re-advantage large organizations and governments because they require amounts of data and computing power that are beyond the capabilities of small organizations and individuals to acquire. We can only rent them or be forced to use them. The ur-evil AI, HAL in Stanley Kubrick’s 2001: A Space Odyssey taught us to fear an autonomous rogue. But the biggest danger with “AIs” of the type we are seeing today, that are being put into decision making and law enforcement, is not the technology, nor the people who invented it, but the expanding desires of its controller.

Illustrations: HAL, in 2001.

Wendy M. Grossman is the 2013 winner of the Enigma Award. Her Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns back to November 2001. Comment here, or follow on Mastodon or Twitter.

net.wars – 2023 and beyond

After 16 years, net.wars has a new site URL and new software. All the entries going back to 2006 will stay at the old site URL, but going forward you will find net.wars every Friday here, where you are now.

One consequence is that comments are now open (again, for those with very long memories). The old blog got so much spam that even putting up a post became a slow and difficult process, and the host recommended shutting them down. Another is that posts through last Friday, January 20, 2023. are static pages. To find old posts, either consult the archive page, which goes all the way back to November 2001, when net.wars began as a column for The Inquirer, or use DuckDuckGo (or some other search engine of your choice) to search.

Thanks for reading.