> I think we need to dig into what is happening here, which is that, when faced with a system that presents itself as a listening, eager interlocutor that’s hearing us and responding to us, that we seem to fall into a kind of trance in relation to these systems, and almost counterfactually engage in some kind of wish fulfillment: thinking that they’re human, and there’s someone there listening to us.

26/

> It’s like when you’re a kid, and you’re telling ghost stories, something with a lot of emotional weight, and suddenly everybody is terrified and reacting to it. And it becomes hard to disbelieve.

Whittaker sets such a high bar for tech criticism.

27/

I had her clarity in mind in 2021, when I collaborated with @eff's #BennettCyphers on "Privacy Without Monopoly," our white-paper addressing the claim that we need giant tech platforms to protect us from the privacy invasions of smaller "rogue" operators:

https://www.eff.org/wp/interoperability-and-privacy

This is a claim that is most often raised in relation to #Apple and its #AppStore model, which is claimed to be a bulwark against commercial surveillance.

28/

That claim has some validity: after all, when Apple added a one-click surveillance opt-out to #Ios, its mobile OS. 96% of users clicked the "don't spy on me" button. Those clicks cost Facebook *$10b* in just the following year. You *love* to see it.

But Apple is a #GamekeeperTurnedPoacher. Even as it was blocking Facebook's surveillance, it was conducting its own, nearly identical, horrifyingly intrusive surveillance of every Ios user.

29/

It spied for the same purpose as Facebook (ad targeting) and lying about it:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Bennett and I couldn't have asked for a better example of the point we make in "Privacy Without Monopoly": the thing that stops companies from spying on you isn't their moral character, it's the threat of competition and/or regulation.

30/

If you can modify your device in ways that cost its manufacturer money (say, by installing an alternative app store), then the manufacturer has to earn your business every day.

That might actually make them better - and if it doesn't, you can switch. The right way to make sure the stuff you install on your devices respects your privacy is by passing privacy laws - not by hoping that Tim Apple decides you deserve a private life.

31/

Bennett and I followed up "Privacy Without Monopoly" with an appendix that focused on a territory where there is a privacy law: the EU, whose (patchily enforced) #GeneralDataProtectionRegulation (#GDPR) is the kind of privacy law that we call for in the original paper. In that appendix, we addressed the issues of GDPR enforcement:

https://www.eff.org/wp/interoperability-and-privacy#gdpr

32/

More importantly, we addressed the claim that the GDPR crushed competition, by making it harder for smaller (and *even sleazier*) ad-tech platforms to compete with Google and Facebook. It's true, but that's OK: we want competition to see who can respect technology users' rights - not competition to see who can violate those rights most efficiently:

https://www.eff.org/deeplinks/2021/06/gdpr-privacy-and-monopoly

33/

Around the time Bennett and I published the EU appendix to our paper, I was contacted by the *#IndianJournalOfLawAndTechnology* to see whether I could write something on similar lines, focused on the situation in #India. Well, it took two years, but we've finally published it: "Securing Privacy Without Monopoly In India: Juxtaposing Interoperability With Indian Data Protection":

https://www.ijlt.in/post/securing-privacy-without-monopoly-in-india-juxtaposing-interoperability-with-indian-data-protection

34/

The Indian case for interop incorporates the US and EU case, but with some fascinating wrinkles. First, there are the broad benefits of allowing technology adaptation by people who are often left out of the frame when tools and systems are designed. As the saying goes, "nothing about us without us" - the users of technology know more about their needs than any designer can hope to understand.

35/

That's doubly true when designers are wealthy geeks in Silicon Valley and the users are poor people in the #GlobalSouth.

India, of course, has its own highly advanced domestic tech sector, who could be a source of extensive expertise in adapting technologies from US and other offshore tech giants for local needs.

36/

India also has a complex and highly contested privacy regime, which is in extreme flux between high court decisions, regulatory interventions, and legislation, both passed and pending.

Finally, there's India's long tradition of ingenious technological adaptations, locally called #jugaad, roughly equivalent to the English "#MendAndMakeDo."

37/

While every culture has its own way of celebrating cleverness this kind of ingenuity is elevated to an art form in the global south: think of #JuaKali (Swahili), #gambiarra (Brazilian Portuguese) and #bricolage (France and its former colonies).

It took a *long* time to get this out, but I'm really happy with it, and I'm extremely grateful to my brilliant and hardworking research assistants from #NationalLawSchoolOfIndiaUniversity: #DhruvJain, #KshitijGoyal and #SarthakWadhwa.

38/

I don't claim that any of the incarnations of the "Privacy Without Monopoly" paper rise to the clarity of the works of Green or Whittaker, but that's okay, because I have another arrow in my quiver: *fiction*. For more than 20 years, I've written science fiction that tries to make legible and urgent the often dry and abstract concepts I address in my nonfiction.

39/

One issue I've been grappling with for *literally* decades is the implications of #TrustedComputing, a security model that uses a second, secure computer, embedded in your device, to observe and report on what your main computer is doing. There are *lots* of implications for this, both horrifying and amazing.

40/

For example, having a second computer inside your device that watches it is a theoretically unbeatable way of catching malicious software, resolving the conundrum of malware: if you think your computer is infected and can't be trusted, then how can you trust the antivirus software running on that computer.

41/

Back in 2016, @bunnie and #EdwardSnowden released the #IntrospectionEngine, a separate computer that you could install in an Iphone, which would tell you whether it was infected with spyware:

https://www.tjoe.org/pub/direct-radio-introspection/release/2

But while there are some really interesting *positive* applications for this kind of software, the negative ones - unbeatable #DRM and tamper-proof #bossware - are genuinely horrifying.

42/

My novella "Unauthorized Bread" digs into this, putting blood and sinew into an otherwise dry abstract and skeletal argument:

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

43/

Then there are applications that are somewhere in between, like #RemoteAttestation (when the secure computer signs a computer-readable description of what your computer is doing so that you can prove things about your computer and its operation to people who don't trust you, but do trust that secure computer).

Remote attestation is the McGuffin of *Red Team Blues*, my latest novel, a crime-thriller about a #cryptocurrency heist.

44/

The novel opens with the keys to a #SecureEnclave - the gadget that signs the attestations in remote attestation - going missing.

When Matt Green reviewed *Red Team Blues* (his first book review!), he singled this out as a technically rigorous *and* significant plot point, because secure enclaves are designed so that they can't be updated (if you can update an enclave, then you can update it with malicious software):

https://blog.cryptographyengineering.com/2023/04/24/book-review-red-team-blues/

45/

This means bugs in secure enclaves can last forever. Worse, if the keys for a secure enclave ever leak, then there's no way to update all the secure enclaves out there in the world - millions or billions of them - to fix it.

Well, it's happened.

The keys for the secure enclaves in #MicroStarInternational (AKA #MSI) computers, a massive manufacturer of work and gaming PCs - have leaked and shown up on the "#ExtortionPortal" of a notorious crime gang:

https://arstechnica.com/information-technology/2023/05/leak-of-msi-uefi-signing-keys-stokes-concerns-of-doomsday-supply-chain-attack/

46/

As a security expert quoted by @arstechnica explains, this is a "doomsday scenario." That's more or less how it plays in my novel. The big difference between the MSI leak and the hack in my book is that the MSI keys were just sitting on a server, connected to the internet, which wasn't well-secured.

47/

In *Red Team Blues*, I went to enormous lengths to imagine a fiendishly complex, incredibly secure scheme for hosting these keys, and then dreamt up a way that the bad guys could defeat it. I toyed with the idea of having the keys leak due to rank incompetence, but I decided that would be an "idiot plot" ("a plot that only works if the characters are idiots"). Turns out, idiot plots may make for bad fiction, but they're happening around us all the time.

48/

In my real life, I cross a lot of disciplinary boundaries - law, politics, economics, human rights, security, technology. I'm not the world's leading expert in any of these domains, but I am well-enough informed about each that I'm able to find interesting ways that they fit together in a manner that is relatively rare, and is also (I think) useful.

49/

I admit to sometimes feeling insecure about this - being "one inch deep and ten miles wide" has its virtues, but there's no avoiding that, say, I know less about the law than a real lawyer, and less about computer science than a real computer scientist.

50/

That insecurity is partly why I'm so honored when I get to talk to experts across multiple disciplines. 2023 was a very good year for this, thanks to #UniversityCollegeLondon. Back in Feb, I was invited to speak as part of #UCL #InstituteOfBrandAndInnovationLaw's annual series on technology law:

https://www.ucl.ac.uk/laws/events/2023/feb/recording-chokepoint-capitalism-can-it-be-defeated

And next month, I'm giving #UCLComputerScience's annual #PeterKirstein lecture:

https://www.eventbrite.co.uk/e/peter-kirstein-lecture-2023-featuring-cory-doctorow-registration-539205788027

51/

Getting to speak to both the law school and the computer science school within a space of months is *hugely* gratifying, a real vindication of my theory that the virtues of my breadth make up for the shortcomings in my depth.

I'm getting a similar thrill from the domain experts who've been reviewing *Red Team Blues*. This week, @mariafarrell posted her #CrookedTimber review, "When crypto meant cryptography":

https://crookedtimber.org/2023/05/11/when-crypto-meant-cryptography/

52/

Farrell is a brilliant technology critic. Her work on "#ProdigalTechBros" is essential:

https://conversationalist.org/2020/03/05/the-prodigal-techbro/

So her review means a lot to me in general, but I was overwhelmed to read her describe how *Red Team Blues* taught her to "read again for joy" after #LongCovid "completely scrambled [her] brain."

53/

That meant a lot personally, but her review is even more gratifying when it gets into craft questions, like when she praises the descriptions as "so interesting and sociologically textured."

54/

I love her description of the book as "Dickensian": "it shoots up and down the snakes and ladders of San Francisco’s gamified dystopia of income inequality, one moment whizzing up the ear-poppingly fast elevator to a billionaire’s hardened fortress, the next sleeping under a bridge in a homeless encampment."

55/

And then, this kicker: "it’s a gorgeous rejection of the idea that long-form fiction is about individual subjectivity and the interior life. It’s about people as pinballs. They don’t just reveal things about the other objects they hit; their constant action and reaction reveals the walls that hold them all in."

Likewise, I was thrilled with #PeterWatts's review on his "No Moods, Ads or Cutesy Fucking Icons" blog::

https://www.rifters.com/crawl/?p=10578%22%3Ehttps://www.rifters.com/crawl/?p=10578

56/

Peter is a brilliant sf writer and worldbuilder, an accomplished scientist, and one of the world's most accomplished ranters. He's had more amazing ideas than I've had hot breakfasts:

https://locusmag.com/2018/05/cory-doctorow-the-engagement-maximization-presidency/

His review says some very nice and flattering things about me and my previous work, which is always great to read, especially for anyone with a chronic case of #ImpostorSyndrome.

57/

But what really mattered was the way he framed how I write villains: "The villains of Cory’s books aren’t really people; they’re systems. They wear punchable Human faces but those tend to be avatars, mere sock-puppets operated by the institutions that comprise the real baddies."

One could read that as a critique, but coming from Peter, it's praise - and it's praise that gets to the heart of my worldview, which is that our biggest problems are *systemic*, not *individual*.

58/

The problem of corporate greed isn't just that CEOs are monsters who don't care who they hurt - it's that our system is designed to *let them get away with it*. Worse, system design is such that the CEOs who *aren't* monsters are generally clobbered by the ones who are.

So much of our outlook is grounded in the moral failings or virtues of individuals.

59/

Tim Apple will keep our data safe, so we should each individually decide to reward him by buying his phones. If Tim Apple betrays us, we should "vote with our wallets" by buying something else. If you care about the climate, you should just stop driving. If there's no public transit, well, then maybe you should, uh, dig a subway?

60/

This is the mindset #MattBors skewers so expertly with his iconic #MrGotcha character: "Yet you participate in society. Curious! I am very smart":

https://thenib.com/mister-gotcha/

(Which reminds me, I am halfway through Bors's unbelievably, fantastically, screamingly awesome graphic novel "Justice Warriors," which turns the neoliberal caveat-emptor/personal-responsibility brain-worm into the basis for possibly the greatest superhero comic of all time:)

https://www.mattbors.com/books

61/

Watts finishes his review with:

> I’ve never fully come to terms with the general decency of Cory’s characters. Doctorow the activist lives in the trenches, fighting those who make their billions trading the details of our private lives, telling us that they own what we’ve bought, surveilling us for the greater good and even greater profits. He’s spent more time facing off against the world’s powerful assholes than I ever will. He knows how ruthless they are.

62/

> He knows, first-hand, how much of the world is clenched in their fists. By rights, his stories should make mine look like Broadway musicals.

> And yet, Doctorow the Author is—hopeful. The little guys win against overwhelming odds. Dystopias are held at bay. Even the bad guys, in defeat, are less likely to scorch the earth than simply resign with a show of grudging respect for a worthy opponent.

63/

I often get asked by readers - especially Pluralistic readers, which is heavy on scandals and corruption - how I keep going. Watts has the answer:

> Maybe it’s a fundamental difference in outlook. I’ve always regarded humans as self-glorified mammals, fighting endless and ineffective rearguard against their own brain stems; Cory seems to see us as more influenced by the angels of our better natures. Or maybe—maybe it’s not just his plots that are meant to be instructional.

64/

Maybe he’s deliberately showing us how we could behave as a species, in the same way he shows us how to fuck with DRM or foil face-recognition tech. Maybe it’s not that he subscribes to some Pollyanna vision of what we are; maybe he’s showing us what we could be.

Got it in one, Peter.

And...

It's also about what happens if we don't get better.

65/