The reason you can’t buy a car is the same reason that your health insurer let hackers dox you

A Depression-era photo of a used car lot with three cars for sale. It has been hand-tinted. The sky has been replaced with a 'code waterfall' effect as seen in the credit sequences of the Wachowskis' 'Matrix' movies. All of the car headlights have been replaced with the hostile red eye of 'HAL 9000' in Kubrick's '2001: A Space Odyssey.' Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

On July 14, I’m giving the closing keynote for the fifteenth HACKERS ON PLANET EARTH, in QUEENS, NY. Happy Bastille Day! On July 20, I’m appearing in CHICAGO at Exile in Bookville.


In 2017, Equifax suffered the worst data-breach in world history, leaking the deep, nonconsensual dossiers it had compiled on 148m Americans and 15m Britons (and 19k Canadians) into the world, to form an immortal, undeletable reservoir of kompromat and premade identity-theft kits:

https://en.wikipedia.org/wiki/2017_Equifax_data_breach

Equifax knew the breach was coming. It wasn’t just that their top execs liquidated their stock in Equifax before the announcement of the breach – it was also that they ignored years of increasingly urgent warnings from IT staff about the problems with their server security.

Things didn’t improve after the breach. Indeed, the 2017 Equifax breach was the starting gun for a string of more breaches, because Equifax’s servers didn’t just have one fubared system – it was composed of pure, refined fubar. After one group of hackers breached the main Equifax system, other groups breached other Equifax systems, over and over, and over:

https://finance.yahoo.com/news/equifax-password-username-admin-lawsuit-201118316.html

Doesn’t this remind you of Boeing? It reminds me of Boeing. The spectacular 737 Max failures in 2018 weren’t the end of the scandal. They weren’t even the scandal’s start – they were the tipping point, the moment in which a long history of lethally defective planes “breached” from the world of aviation wonks and into the wider public consciousness:

https://en.wikipedia.org/wiki/List_of_accidents_and_incidents_involving_the_Boeing_737

Just like with Equifax, the 737 Max disasters tipped Boeing into a string of increasingly grim catastrophes. Each fresh disaster landed with the grim inevitability of your general contractor texting you that he’s just opened up your ceiling and discovered that all your joists had rotted out – and that he won’t be able to deal with that until he deals with the termites he found last week, and that they’ll have to wait until he gets to the cracks in the foundation slab from the week before, and that those will have to wait until he gets to the asbestos he just discovered in the walls.

Drip, drip, drip, as you realize that the most expensive thing you own – which is also the thing you had hoped to shelter for the rest of your life – isn’t even a teardown, it’s just a pure liability. Even if you razed the structure, you couldn’t start over, because the soil is full of PCBs. It’s not a toxic asset, because it’s not an asset. It’s just toxic.

Equifax isn’t just a company: it’s infrastructure. It started out as an engine for racial, political and sexual discrimination, paying snoops to collect gossip from nosy neighbors, which was assembled into vast warehouses full of binders that told bank officers which loan applicants should be denied for being queer, or leftists, or, you know, Black:

https://jacobin.com/2017/09/equifax-retail-credit-company-discrimination-loans

This witch-hunts-as-a-service morphed into an official part of the economy, the backbone of the credit industry, with a license to secretly destroy your life with haphazardly assembled “facts” about your life that you had the most minimal, grudging right to appeal (or even see). Turns out there are a lot of customers for this kind of service, and the capital markets showered Equifax with the cash needed to buy almost all of its rivals, in mergers that were waved through by a generation of Reaganomics-sedated antitrust regulators.

There’s a direct line from that acquisition spree to the Equifax breach(es). First of all, companies like Equifax were early adopters of technology. They’re a database company, so they were the crash-test dummies for every generation of database. These bug-riddled, heavily patched systems were overlaid with subsequent layers of new tech, with new defects to be patched and then overlaid with the next generation.

These systems are intrinsically fragile, because things fall apart at the seams, and these systems are all seams. They are tech-debt personified. Now, every kind of enterprise will eventually reach this state if it keeps going long enough, but the early digitizers are the bow-wave of that coming infopocalypse, both because they got there first and because the bottom tiers of their systems are composed of layers of punchcards and COBOL, crumbling under the geological stresses of seventy years of subsequent technology.

The single best account of this phenomenon is the British Library’s postmortem of their ransomware attack, which is also in the running for “best hard-eyed assessment of how fucked things are”:

https://www.bl.uk/home/british-library-cyber-incident-review-8-march-2024.pdf

There’s a reason libraries, cities, insurance companies, and other giant institutions keep getting breached: they started accumulating tech debt before anyone else, so they’ve got more asbestos in the walls, more sagging joists, more foundation cracks and more termites.

That was the starting point for Equifax – a company with a massive tech debt that it would struggle to pay down under the most ideal circumstances.

Then, Equifax deliberately made this situation infinitely worse through a series of mergers in which it bought dozens of other companies that all had their own version of this problem, and duct-taped their failing, fucked up IT systems to its own. The more seams an IT system has, the more brittle and insecure it is. Equifax deliberately added so many seams that you need to be able to visualize additional spatial dimensions to grasp them – they had fractal seams.

But wait, there’s more! The reason to merge with your competitors is to create a monopoly position, and the value of a monopoly position is that it makes a company too big to fail, which makes it too big to jail, which makes it too big to care. Each Equifax acquisition took a piece off the game board, making it that much harder to replace Equifax if it fucked up. That, in turn, made it harder to punish Equifax if it fucked up. And that meant that Equifax didn’t have to care if it fucked up.

Which is why the increasingly desperate pleas for more resources to shore up Equifax’s crumbling IT and security infrastructure went unheeded. Top management could see that they were steaming directly into an iceberg, but they also knew that they had a guaranteed spot on the lifeboats, and that someone else would be responsible for fishing the dead passengers out of the sea. Why turn the wheel?

That’s what happened to Boeing, too: the company acquired new layers of technical complexity by merging with rivals (principally McDonnell-Douglas), and then starved the departments that would have to deal with that complexity because it was being managed by execs whose driving passion was to run a company that was too big to care. Those execs then added more complexity by chasing lower costs by firing unionized, competent, senior staff and replacing them with untrained scabs in jurisdictions chosen for their lax labor and environmental enforcement regimes.

(The biggest difference was that Boeing once had a useful, high-quality product, whereas Equifax started off as an irredeemably terrible, if efficient, discrimination machine, and grew to become an equally terrible, but also ferociously incompetent, enterprise.)


Your car spies on you and rats you out to insurance companies

The interior of a luxury car. There is a dagger protruding from the steering wheel. The entertainment console has been replaced by the text 'You wouldn't download a car,' in MPAA scare-ad font. Outside of the windscreen looms the Matrix waterfall effect. Visible in the rear- and side-view mirror is the driver: the figure from Munch's 'Scream.' The screen behind the steering-wheel has been replaced by the menacing red eye of HAL9000 from Stanley Kubrick's '2001: A Space Odyssey.' Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

I’m on tour with my new, nationally bestselling novel The Bezzle! Catch me TOMORROW (Mar 13) in SAN FRANCISCO with ROBIN SLOAN, then Toronto, NYC, Anaheim, and more!

A yellow rectangle. On the left, in blue, are the words 'Cory Doctorow.' On the right, in black, is 'The Bezzle.' Between them is the motif from the cover of *The Bezzle*: an escheresque impossible triangle. The center of the triangle is a barred, smaller triangle that imprisons a silhouetted male figure in a suit. Two other male silhouettes in suits run alongside the top edges of the triangle.

Another characteristically brilliant Kashmir Hill story for The New York Times reveals another characteristically terrible fact about modern life: your car secretly records fine-grained telemetry about your driving and sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums:

https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html

Almost every car manufacturer does this: Hyundai, Nissan, Ford, Chrysler, etc etc:

https://www.repairerdrivennews.com/2020/09/09/ford-state-farm-ford-metromile-honda-verisk-among-insurer-oem-telematics-connections/

This is true whether you own or lease the car, and it’s separate from the “black box” your insurer might have offered to you in exchange for a discount on your premiums. In other words, even if you say no to the insurer’s carrot – a surveillance-based discount – they’ve got a stick in reserve: buying your nonconsensually harvested data on the open market.

I’ve always hated that saying, “If you’re not paying for the product, you’re the product,” the reason being that it posits decent treatment as a customer reward program, like the little ramekin of warm nuts first class passengers get before takeoff. Companies don’t treat you well when you pay them. Companies treat you well when they fear the consequences of treating you badly.

Take Apple. The company offers iOS users a one-tap opt-out from commercial surveillance, and more than 96% of users opted out. Presumably, the other 4% were either confused or on Facebook’s payroll. Apple – and its army of cultists – insist that this proves that our world’s woes can be traced to cheapskate “consumers” who expected to get something for nothing by using advertising-supported products.

But here’s the kicker: right after Apple blocked all its rivals from spying on its customers, it began secretly spying on those customers! Apple has a rival surveillance ad network, and even if you opt out of commercial surveillance on your iPhone, Apple still secretly spies on you and uses the data to target you for ads:

https://pluralistic.net/2022/11/14/luxury-surveillance/#liar-liar

Even if you’re paying for the product, you’re still the product – provided the company can get away with treating you as the product. Apple can absolutely get away with treating you as the product, because it lacks the historical constraints that prevented Apple – and other companies – from treating you as the product.

As I described in my McLuhan lecture on enshittification, tech firms can be constrained by four forces:

I. Competition

II. Regulation

III. Self-help

IV. Labor

https://pluralistic.net/2024/01/30/go-nuts-meine-kerle/#ich-bin-ein-bratapfel

When companies have real competitors – when a sector is composed of dozens or hundreds of roughly evenly matched firms – they have to worry that a maltreated customer might move to a rival. 40 years of antitrust neglect means that corporations were able to buy their way to dominance with predatory mergers and pricing, producing today’s inbred, Habsburg capitalism. Apple and Google are a mobile duopoly, Google is a search monopoly, etc. It’s not just tech! Every sector looks like this:

https://www.openmarketsinstitute.org/learn/monopoly-by-the-numbers


Saturday linkdump, part the sixth


On September 12 at 7pm, I’ll be at Toronto’s Another Story Bookshop with my new book The Internet Con: How to Seize the Means of Computation.

On September 14, I’m hosting the EFF Awards in San Francisco.


I usually write this blog 5-6 days/week, but every now and again, I take a break, and when I do, I get massive link backlogs of stuff I want to write about, but lack the time to address in depth. When that happens, I turn my Saturday edition into a linkdump. Today, I present the sixth in the series – here’s the other five:

https://pluralistic.net/tag/linkdump/

Why was I offline and away from my blog? I went to the dirt rave. Yes, I was one of the 70,000+ people stuck in the mud at this year’s Burning Man, and when I emailed my editor at the New York Times to say I might be late on the op-ed I was working on, she asked me to write about what this year’s mud crisis meant:

https://www.nytimes.com/2023/09/06/opinion/burning-man-flood-playa-climate-change.html

tl;dr:

  • Bad weather is normal at Burning Man (it’s a feature, not a bug);
  • Mostly burners leapt to the occasion, which is what people almost always do in disaster situations;
  • This is the second Burning Man heavy weather year in a row;
  • The climate emergency is tipping the Black Rock Desert from “extremely challenging” to “impossible”;
  • This isn’t the last event, place and tradition that will have to be radically reconsidered in light of the climate emergency;

But now I’m home, in my hammock, with all the laundry done – just in time to leave again. I’m about to head back to my hometown of Toronto for a book launch. The Internet Con, my latest nonfiction (from Verso Books) came out last week, and I’ll be appearing at Another Story Bookshop on Tuesday:

https://anotherstory.ca/events/29283

Internet Con is a “Big Tech disassembly manual.” It explains how Big Tech got so big (lax anti-monopoly enforcement, which led to regulatory capture, which let Big Tech abuse our privacy, labor rights, and consumer rights), and how we can use interoperability so it’s no longer Too Big to Fail, nor Too Big to Jail:

https://www.versobooks.com/products/3035-the-internet-con

You can read a long excerpt from the book in Wired, which lays out some of the shovel-ready legislative, regulatory and technical proposals that are the book’s main purpose:

https://www.wired.com/story/the-internet-con-cory-doctorow-book-excerpt/

You can also hear me read the whole introduction and first chapter of the audiobook on my podcast:

https://craphound.com/internetcon/2023/08/01/the-internet-con-how-to-seize-the-means-of-computation-audiobook-outtake/

That comes from the audiobook, a DRM-free, independent edition that I financed, produced and narrated myself. You can get the audiobook everywhere except Audible, Apple Books, and Audiobooks.com, all of which have mandatory DRM policies. You can also get it direct from me:

https://transactions.sendowl.com/products/78992826/DEA0CE12/purchase

The DRM-free ebook is available everywhere ebooks are sold (Kobo, Kindle, Nook, etc), as well as in my own DRM-free ebook store:

https://transactions.sendowl.com/products/78992801/9C4FC2B8/purchase

Verso’s books are sold in bookstores around the world; you can support your local bookseller by buying it through Bookshop:

https://bookshop.org/p/books/the-internet-con-how-to-seize-the-means-of-computation-cory-doctorow/18771891?ean=9781804291245

If you’d like a signed copy, there’s stock at Book Soup:

https://www.booksoup.com/book/9781804291245

Now, it was inevitable that I would do a book event for Internet Con in Toronto – I’ve never had a bad event there, and I love my hometown – but the timing of this event was driven by a non-book-related factor. Talking Heads is appearing together at TIFF, to support the re-release of Stop Making Sense, the greatest concert film in human history:

https://pluralistic.net/StopMakingSense


Autoenshittification


Forget F1: the only car race that matters now is the race to turn your car into a digital extraction machine, a high-speed inkjet printer on wheels, stealing your private data as it picks your pocket. Your car’s digital infrastructure is a costly, dangerous nightmare — but for automakers in pursuit of postcapitalist utopia, it’s a dream they can’t give up on.

Your car is stuffed full of microchips, a fact the world came to appreciate after the pandemic struck and auto production ground to a halt due to chip shortages. Of course, that wasn’t the whole story: when the pandemic started, the automakers panicked and canceled their chip orders, only to immediately regret that decision and place new orders.

But it was too late: semiconductor production had taken a serious body-blow, and when Big Car placed its new chip orders, it went to the back of a long, slow-moving line. It was a catastrophic bungle: microchips are so integral to car production that a car is basically a computer network on wheels that you stick your fragile human body into and pray.

The car manufacturers got so desperate for chips that they started buying up washing machines for the microchips in them, extracting the chips and discarding the washing machines like some absurdo-dystopian cyberpunk walnut-shelling machine:

https://www.autoevolution.com/news/desperate-times-companies-buy-washing-machines-just-to-rip-out-the-chips-187033.html

These digital systems are a huge problem for the car companies. They are the underlying cause of a precipitous decline in car quality. From touch-based digital door-locks to networked sensors and cameras, every digital system in your car is a source of endless repair nightmares, costly recalls and cybersecurity vulnerabilities:

https://www.reuters.com/business/autos-transportation/quality-new-vehicles-us-declining-more-tech-use-study-shows-2023-06-22/


VW wouldn’t locate kidnapped child because his mother didn’t pay for find-my-car subscription


The masked car-thieves who stole a Volkswagen SUV in Lake County, IL didn’t know that there was a two-year-old child in the back seat — but that’s no excuse. A violent car-theft has the potential to hurt or kill people, after all.

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2023/02/28/kinderwagen/#worst-timeline


Ghostbusters car, Penguicon, Southfield, Detroit, MI, USA by Cory Doctorow


Face (grotesque)
