« Newton's Third Law #2, 3rd Update, 8:31 p.m. EST | Main | The Media in Sixteen Snappy Paragraphs »

February 12, 2011

Comments

One wonders whether these tactics might be useful to authoritarian governments interested in suppressing pro-democracy movements - they wouldn't care how many innocents got caught in the gears.

I wonder if the invitation to Barr (as CogAnon) to participate was a subtle way of telling him he was busted, and maybe if he had picked up on that and left quietly, the excrement would not have have been tossed at the fan. This is a counter-factual, but I still wonder about it.

I doubt the accuracy of the "16 year old girl" claim, just on the basis that the phrase "16-year-old-girl" is something of a meme with these people. If this information came from Anonymous, then it's just their in-joke way of implying that the admin deserted his post in exchange for underage nude pictures.

Similarly, any statement from Anonymous containing the words "over 9000" should be taken with a grain of salt.

At the time I write this, Berico, its CEO Guy Filippelli and COO Nick Hallam have formally severed ties with HBGary and issued a statement (at the Salon link.) Bank of America spokesman Scott Silvestry denied seeing the presentation, denied engaging HBGary Federal, and denied interest in any practices "discussed in recent press reports involving HBGary Federal."

Where have I heard this before?

Remember how we've spent decades with Baby Boomers whining about how they didn't get the scifi future they were promised as kids in the 50s and 60s? How all that moon-base, jet-pack stuff never came to pass?

Well... I grew up in the 80s, back when cyberpunk was the future. And, from the look of things, it just arrived.

Massive worldwide data network? Check.

Absurd corporate-owned government structure oppressing the citizenry behind a pleasant facade? Check.

Collectives of teenage quasi-anarchist hackers running amok? Check.

Yeah. Now, admittedly, the Asian Country Running The World (tm) will apparently be China and not the Japan as planned, but you have to make a certain number of allowances for these things....

I grew up in the 80s, back when cyberpunk was the future. And, from the look of things, it just arrived.

Damn kids, you don't appreciate how hard we've worked to make your dystopian dreams come true...

If this information came from Anonymous, then it's just their in-joke way of implying that the admin deserted his post in exchange for underage nude pictures.

Baf, can you back this up with any evidence? That's a pretty serious presumption to be based on ... what? Do you have knowledge/experience of this occurring, or a link you could share in which this was a previous action of Anonymous?

Nice series of stories. Thanks for sharing these.

Like the whole Wikileaks thing, I'm super ambivalent about this. Barr is an ass, clearly. But on the other hand Anonymous isn't exactly covering itself with glory here. They seem to be taking it out on a company that goes well beyond Barr, and are insisting on the right to continuously disrupt their network presence unless they fire Barr.

What happens if they are ever wrong about anything? Do we just not care?

Do we just not care?

Yeah, I don't really care.

I mean, perfectly legitimate companies get hammered by international criminal gangs all the time and they have to deal with it. Barr and his associates were basically planning on defrauding the government and tarring random innocent people and were extraordinarily stupid. So I don't really care about them. And of all the problems that afflict serious companies on the internet, Anonymous just isn't a priority. Not at all. Not even a little bit.

"Do we just not care?

Yeah, I don't really care"

A little different,

I care about Anonymous, but not Barr. At some point they (Anonymous) will get po'd at someone who will have my money, then I will care a lot.

At some point they (Anonymous) will get po'd at someone who will have my money, then I will care a lot.

To be fair, they've gotten pissed off at Mastercard, Visa and Amazon. But that didn't matter because Anonymous has very limited capabilities when faced against technically sophisticated adversaries (which HBGary was not). Anonymous ran their little DDOS attacks against MC/Visa/Amazon but unlike real criminal gangs, they don't actually control a botnet, they're just some random guys with home network pipes and that's not much of a threat.

At some point they (Anonymous) will get po'd at someone who will have my money, then I will care a lot.

Conversely, at some point Barr, or someone quite a bit like Barr, might be the guy who has your money, and might piss it away through being an insufferable jerk.

There are some folks associated with HBGary who are having that experience right this very minute.

True enough russell.

One thing related to this that I meant to write about when Wikileaks was getting kicked off/out of Amazon, BofA, Mastercard, etc. is the extent to which our lives are at the mercy of corporate "Terms of Service." The justification/fig leaf that all (or maybe most) of those companies used for severing their ties with Wikileaks was that the latter had violated their Terms of Service.

I don't think I've ever read the Terms of Service for anything I use online, now or ever. Amazon's ToS states "Amazon reserves the right to refuse service, terminate accounts, remove or edit content, or cancel orders in their sole discretion." I assume that other sites/services have similar rules, including what appears to have been cited in Wikileaks' case, that Wikileaks violated the site/service's ToS by "facilitating illegal activity."

Presumably the sites are primarily concerned with the illegal activity of the user with the account, here Wikileaks, but I think they're writtent broadly enough that if your use of the site facilitates the illegal activity of someone else you account can be canceled. Further, what is my recourse if Amazon cancels my account, or if an online pictures storage website does the same and deletes all my pictures or my online email account is canceled and deleted? My bank/Paypal account?

Suppose BofA decides it doesn't like the ACLU and goes about closing the accounts of members/donors,* and convinces Citibank, Wells Fargo, etc. to follow suit, what then?

Has this sort of "live by the ToS, die by the ToS" world always been around, or is this something new these days?

Just seems a little frightening.

*I assume that this may be harder for an FDIC insured bank to do with respect to basic checking accounts than, say, Amazon canceling your online account.

Has this sort of "live by the ToS, die by the ToS" world always been around, or is this something new these days?

I think we've always had a form of this kind of social coercion: if you were supporting the civil rights movement in the 60s, in many towns I suspect that local businesses would decide that their ToS suddenly prohibited doing business with you.

It is a bit different now though in that the big productivity revolution involves outsourcing services like crazy. For MC/Visa, it is especially pernicious because they've locked up the whole market. Amazon's cloud offerings haven't reached that level of dominance yet, but moving off of them can be really hard given the lack of standardization in the infrastructure as a service market.

For places like Amazon, ToS are written entirely to their benefit rather than their customers. I can see the justification for a right of arbitrary termination with zero notice in the case of faulty or malicious applications that are damaging Amazon's network or clearly breaking the law, but in cases where that hasn't happened, I don't see why they can't settle for 'your service will be terminated in 30/90 days' model. Network integrity has become the excuse used to justify all sorts of things that have nothing to do with network integrity.

Outstanding blogging. Really good stuff.

Jadegold, nous, thank you! Ugh, I'd be very interested to read your views on Terms of Service contracts.

Ugh, I'd be very interested to read your views on Terms of Service contracts.

Well, not sure I have much beyond what I worry/muse about above.

My general concerns are that it costs companies virtually nothing in the vast majority of cases to cancel an account or kick someone off their service. That they can do this for any reason or no reason. In contrast, it will cost the individual user in many cases much more time, money and effort to fight to be allowed to stay on the service after being kicked off.

Further, I worry about collusion among the big players to effectively strangle an individual's or group's ability to function in modern society. If your bank accounts and credit cards are canceled, along with your online email service and cable/internet/phone bundle, what can you do? It seems much more likely for this to happen today when it's relatively easy for big companies to shut such things off and also find out what other companies are doing with respect to a particular user or group. This is especially the case (and most worrisome) if the federal government is actively encouraging the big players to shut down someone the government doesn't like.

Anyway, I've been thinking about this since the Wikileaks case and after reading this article in which he is all "Hey! Put your stuff in the cloud, you'll never have to worry about computer viruses erasing you content again!" To which (one of) my first thoughts was "yeah, until whatever service you're using decides it doesn't like you and deletes all your stuff."

Sebastian: "What happens if they are ever wrong about anything? Do we just not care? "

We've seen the US government sink to new lows, get caught, and get away with it. We've seen Wall St actually break the world financial system, and not only get away with it, but make a profit. With the GOP and the Tea Party, we're watching the people most responsible for this come right back into the game, blaming everybody but themselves - successfully.

Do you not care about that?

I don't think I've ever read the Terms of Service for anything I use online, now or ever.
I can't claim I've ever read every TOS I've agreed to, because I haven't.

But I've read a lot, and rejected many, and I always read any that involve making use of my writing, because there's no way on earth I'm signing away some of the stuff that one is often asked to, and anyone who signs a legally binding document without reading it... I politely won't finish that sentence.

But I'll suggest that anyone who does that has no argument against what they agreed to.

Take a look -- well, this probably won't interest anyone who isn't a professional writer, or in publishing, but I offer the case of what BlogBurst tried to do.

Just for starters:

Dear [Pluck Person].

I'm afraid I have a variety of problems with this agreement. As you may or may not know, I have a background in publishing, and as an editor, and am quite familiar with publishing contracts and the meanings of a wide variety of terms of rights, and the language of such contracts.

"you grant to Pluck and its affiliates a non-exclusive, worldwide, royalty-free, perpetual license to reproduce, distribute, make derivative works of, perform, display, disclose, and otherwise dispose of the Work (and derivative works thereof) for the purposes of (a) modifying the Work without substantially changing its original meaning, and (b) distributing the Work (and derivative works thereof) to Publisher electronic web sites or corresponding printed editions, whether now known or hereafter devised."

I would never sign a "perpetual license" without a vast amount of compensation. I would be willing to grant a limited term license under various more normal terms and limitations, and provisions for reversion of rights, in return for something resembling a standard royalty. As it is, you are asking for an extraordinary grant of rights, in return for essentially nothing, I'm afraid. Not withstanding the unusual "non-exclusive" language. But "royalty-free, perpetual" are words I have a problem with.

Yeah, like I really want to give up all rights to my own words "perpetually."

That's rather a long time.

Josh Marshall's TPM, after it first went corporate, had a similar TOS that you had to click to agree to before you were allowed to comment.

No effing way, bub. You want my words? Pay me. Or I'll give you them free, and no rights. But don't shove a stick up my rear end, tell me I'm selling you all rights to my words in return for the thrill of you having ownership of them.

Other TOS have similar thefts. Don't wanna read them? Kewl.

Maybe we should make everyone who wants to comment on ObWi agree that they're committing to turning over $1k a month, and no one will read that, either.... :-)

As you may gather, I think signing legally binding agreements without reading them is... well, hey, if that works for you, it's not my business. Literally.


On the other hand:

Amazon's ToS states "Amazon reserves the right to refuse service, terminate accounts, remove or edit content, or cancel orders in their sole discretion."
That I don't see anything wrong with. It's no different than a sign in the store saying we don't have to serve you if you're an assh*le.

It's no different than the posting rules here. Or saying that you reserve the right to not guarantee everyone in the world the right to show up with a bullhorn in your bedroom at 4 a.m. What's wrong with any of this?

Further, what is my recourse if Amazon cancels my account, or if an online pictures storage website does the same and deletes all my pictures or my online email account is canceled and deleted? My bank/Paypal account?
Take your business elsewhere. I'm not seeing what's the objection here: does the Constitution demand that you provide services to other people against your will, other than as mandated by the 14th Amendment?

What you're demanding is the right to slavery. If Amazon doesn't want to do business with you, why on earth should they be required to, so long as they're not discriminating against you by forbidden class? What's your objection to this? Do you feel other people should be required by law to have you serve them? I doubt it, but how can you have a law that says it only works one way, and not both ways? How would that be worded, exactly?

Further, what is my recourse if Amazon cancels my account, or if an online pictures storage website does the same and deletes all my pictures or my online email account is canceled and deleted?
Jeepers, if you don't have redundancy, well, then, don't be surprised when you lose all your stuff! You have no recourse other than not expecting things to go wrong.

Maybe you've never had stuff like that happen to you. You've lived a very very lucky life, in that case, is all I can say. What recourse do you have if your apartment building burns down with your stuff in it, and you have no insurance? You're SOL, that's your recourse.

This is news?

Suppose BofA decides it doesn't like the ACLU and goes about closing the accounts of members/donors,* and convinces Citibank, Wells Fargo, etc. to follow suit, what then?
First of all, anti-trust law.
Has this sort of "live by the ToS, die by the ToS" world always been around, or is this something new these days?
Origin and scope of contract law:
Contract law is based on the principle expressed in the Latin phrase pacta sunt servanda, which is usually translated "agreements to be kept" but more literally means "pacts must be kept"
Yes, it's been around for rather a long time. Do you want to go back to Roman law, or the Bible, or Chinese history, or Ancient Greek, or Eqyptian, or take your choice.

I expect it started with language.

Anyway, I've been thinking about this since the Wikileaks case and after reading this article in which he is all "Hey! Put your stuff in the cloud, you'll never have to worry about computer viruses erasing you content again!" To which (one of) my first thoughts was "yeah, until whatever service you're using decides it doesn't like you and deletes all your stuff."
Um, what? There are thousands of uploading services! Tens of thousands! What kind of bleeding idiot would back their stuff up to only one?

Of course you use multiple back-ups! This is computer safety 101!

Why is this a problem? Do you keep all our money under your mattress and think that's safe?

If you want to keep your data safe of course you use multiple hard drives, a remote location, and multiple online back-ups. Duuuh!

How on earth else would you keep your data safe? Pray to the lord?

If your bank accounts and credit cards are canceled, along with your online email service and cable/internet/phone bundle, what can you do?
First, I've never had a credit card in my life, so not seeing the problem there. Second, last I looked, there were, again, thousands of choices. What you can do is pick several hundred.

Gary - thanks. I'm not sure I disagree with any of your individual points taken separately, though I'm not sure I'm in total agreement with:

and anyone who signs a legally binding document without reading it... I politely won't finish that sentence.

But I'll suggest that anyone who does that has no argument against what they agreed to.

Perhaps in a world where everyone had unlimited time and ability and there was a true "meeting of the minds" with respect to each and every contract then I would agree, but I don't think that's the world we live in, legally or otherwise.

In any event, I guess my general point is that many of these large businesses need to be treated as common carrier such that, yes, they MUST do business with you except in certain, limited defined circumstances that they do not get to set unilaterally. And also that it's very easy for them to just cut you off, without warning, for any reason or no reason, and easy for them to coordinate with other businesses (actually or tacitly) in a way that does not, e.g., violate antitrust laws.

Um, what? There are thousands of uploading services! Tens of thousands! What kind of bleeding idiot would back their stuff up to only one?

In the case of Wikileaks, I think specificity destroys this argument. If you're running a small business or some sort of free service that is moderately complex from Amazon's infrastructure, you don't have thousands of alternatives. You have maybe two or three alternatives that are price-competitive with Amazon. I mean, there just aren't that many providers that can give you disk/cpu/bandwidth pay for what you use with distribution in multiple data centers at the price Amazon charges. Rackspace can do it. Google can do it with App Engine, kind of.

But switching to them isn't something you can just do at the drop of a hat; you need a fair bit of technical sophistication and time to make the transition because these sorts of services are not standardized at all. Alternatively, there are thousands of co-lo providers that can you can deploy anything to, but the service they are offering is much more low level than what Amazon/Rackspace/GAE offers. If you want to play that game, you have to spend a lot more money (system administrators don't work cheap). Again, you can do anything if you have an infinite pile of money.

First, I've never had a credit card in my life, so not seeing the problem there. Second, last I looked, there were, again, thousands of choices. What you can do is pick several hundred.

There are tens of thousands of credit cards, but only a small handful of issuers. The market has been locked up by two major providers. If Visa/MC decide that you can't have credit cards anymore, then you won't be able to get credit cards from anyone else. And without credit cards, paying for online services is really hard: you can pay by check, but that means that you get no service for a week or two or four.

Themis Applies JSOC Techniques to Citizens “Extorting” from Corporate Clients.

I have a feeling I’ll be doing a lot of these posts, showing how Hunton & Williams asked “Themis” (the three firm team of HBGary, Palantir, and Berico Technologies) to apply counterterrorism approaches to combat First Amendment activities.

This particular installment comes from an early presentation and accompanying proposal Themis prepared for Hunton & Williams. These documents were attached to an email dated November 2, 2010 sent out by Berico Technologies’ Deputy Director. He explains that the presentation and proposal would be briefed to H&W the following day.

The Powerpoint includes a slide describing the purpose of Themis’ pitch to H&W.

Etc.

Ugh:

And also that it's very easy for them to just cut you off, without warning, for any reason or no reason, and easy for them to coordinate with other businesses (actually or tacitly) in a way that does not, e.g., violate antitrust laws.
True. I wasn't trying to imply we live in The Best of All Possible Worlds. Much should be done to improve things, and laws requiring plain but legal language are good, obfuscation is bad, TOS that you "agree" to by cutting plastic is bad, and so on.

I just tend to cut to more root reform needed.

Turbulence, also true. And because of my physical limitations, I do a lot of business with Amazon because I can't get out much, can carry less, have little time, and they're the best alternative in many circumstances; otherwise it's all trade-offs with physical pain in some way, including time. (And this morning, arthritis in hands really limiting typing, even.)

Pluses and minuses of capitalism, really.

Agree credit card companies need strict laws; some advances by last Congress and Obama good; more would be better. Watching the way the companies are squirming with weasel wording in boilerplate and ads is amusing, but still easy for them to fool those who don't know what's going on; their wording still makes it appear that you should opt-in to garbage, and basically there are limits to how much you can protect low-information people, but there's always room for improvement by law, while also needing to be careful about law of unintented consequences, laws passed drafted by lobbyists, badly worded laws, etc.

If only government led by vanguard of wise people like us were a good idea.... :-)

But crucial point: debit cards work just like credit cards for most purposes, but without same catches. Of *course* I have debit cards. Don't cost anything, provide all services, just don't end up losing lots of money to charges, setting aside minor fact no one in right mind would give me credit. :-)

Nor would I want any credit, save to be able to rent habitation, or if I drove, etc. It's basically a scam, otherwise, unless you can afford to just toss money down rathole, or watch like hawk.

The comments to this entry are closed.