“Enshittification,” surveillance, and AI… oh my! Part Two
Part one is here: “Enshittification,” surveillance, and AI… oh my! Part One
How the law has changed the internet
The birth of the internet is considered to be January 1st, 1983. That’s when the TCP/IP packet switching standard was made mandatory on ARPANet, the precursor to the modern internet. There was a transition phase through the 1980s.
ARPANet was predominantly based on DEC PDP and IBM minicomputers at academic and government institutions in the 1970s. Vint Cerf and Bob Kahn invented TCP/IP because packet switching wasn’t standardized on ARPANet from its 1969 launch. Two computers on ARPANet might not be able to exchange packets of data with each other because they use different packet switching technologies that aren’t compatible. TCP/IP debuted in 1974 and gradually became more and more common on ARPANet. By 1983, you had to use TCP/IP.
By the late 1970s, the earliest popular personal computers, such as the Apple II and the Commodore PET, started to make computing accessible to ordinary people at home. By the 1980s, Commodore 64 was huge and the Apple Macintosh and first IBM PCs took off. PCs became a more common sight in people’s homes and in small offices. And TCP/IP standardization made it easier for operating system and application developers to make software to get people at home on the early internet. Early consumer internet applications included email (which was invented for ARPANet), USENET, IRC (Internet Relay Chat), and the Quantum Link online service that launched for Commodore 64 in 1985, that evolved into America Online and IBM PC compatibility by 1989.
By 1990, the internet looked a lot different from how it looked in 1983. Lots of government and academic institutions stayed online and upgraded their tech. But there were also a lot more ordinary people and businesses, by orders of magnitude. ARPANet was officially decommissioned that year. And that same year, CERN’s Tim Berners-Lee launched the World Wide Web, the first webpages, the first webserver, and the first web browser, WorldWideWeb. The web really helped the internet explode in popularity in the 1990s. As a young child during that time, I really thought America Online, CompuServe, and Prodigy would be the face of the internet. But unlike those closed commercial services, the open standards based web was what showed staying power.
The law and the courts can be slow to catch up with the technological boom of what we called “the information superhighway.” (In the 2020s, we would say that sounds so cringe.)
The earliest criminally convicted cyber crime was conducted by the notorious Kevin Mitnick in 1979. He used a computer connected to ARPANet to hack into DEC’s The Ark computer. DEC was a dominant maker of minicomputers, and one of the leading computer brands at the time. The Ark computer was used to develop new operating systems and it contained valuable proprietary source code. Mitnick breached source code for DEC’s RSTS/E operating system.
Network security was really in its infancy back then. So Mitnick wasn’t convicted for his The Ark hack until 1988. There weren’t laws dedicated to cyber crime back then, but there were laws for intellectual property crime in general. Mitnick was sentenced to a year in prison plus three years of supervised release. While on supervised release, he committed another cyber attack to Pacific Bell. The cyber crimes he committed in the 1990s were what really made him infamous.
The first significant legislation in regards to the internet and cyber crime was Computer Fraud and Abuse Act (CFAA) of 1986. Prior to the Act, cyber crime was treated as mail and wire fraud in criminal court. The actions that the Act criminalized includes:
- “Intentionally accessing a computer without authorization or exceeding authorized access” in regards to financial institutions, US government agencies, and “any protected computer.”
- “Knowingly causing the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer.” That covers malware and malicious commands.
- “Intentionally accessing a protected computer without authorization, and as a result of such conduct, causes damage and loss.”
- Trafficking passwords to government and commerce computers, computer espionage, and even threatening to damage protected computers.
The Telecommunications Act of 1996 was important in its own way. All previous telecommunications laws focused on telegrams, telephones, radio broadcasting, and television. The Telecommunications Act of 1996 was mainly conceived to facilitate competition in the local and long distance telephone service market.
But The Act also included the internet. The Act contained Title V, known as the Communications Decency Act of 1996. The Act criminalized “patently offensive” sexually explicit material being made available to minors.
1998’s Digital Millennium Copyright Act (DMCA) was even more significant to the internet. The Act criminalized the evasion of access control measures to copyrighted content through the internet. This largely manifests as the DRM (digital rights management) technologies that are intended to prevent access to video games, other proprietary software, movies, music, digital books, and so on to people who don’t purchase it or otherwise acquire access with permission of the intellectual property owner. So yeah, when someone cracks the DRM on The Sims 3 and uploads it to BitTorrent P2P networks, that’s a violation of the DMCA.
By 2000, a lot more people were on the web and the internet started to become big business. Wall Street was in love with America Online, Yahoo!, early Amazon, and also a plethora of long forgotten “dot coms” that were destroyed in the “dot com bust” of the early 2000s. What do you mean, just putting a business on the web isn’t a guarantee of massive profits?
Michael Calce was 15 years old at the time, and he really wanted to show off his l33t skills to his buddies. He harnessed a crude botnet out of university computers to perform DDoS (distributed denial of service) attacks on the websites of Amazon, CNN, Dell, E*Trade, eBay, and Yahoo! A botnet is when an attacker controls a bunch of other people’s computers through the zombie malware they’re infected with in order to perform vast synchronized attacks. And a DDoS attack is when a large number of computers are used to overwhelm a network target with data in a way that makes the targeted servers go offline. DDoSed computers are usually temporarily offline until an administrator brings them back online. But the fact that a teenage boy was able to make the internet presences of these big corporations go offline for funsies sent chills up oligarch’s spines. As Calce said in an interview with NPR:
“The New York Stock Exchange, they were freaking out, because they were all investing in these ecommerce companies. And then it’s like, ‘Okay, a 15-year-old kid can shut us down at any point? Is our money really safe?’”
Calce’s DDoS attacks and the subsequent corporate panic made the White House nervous. Those incidents occurred during Bill Clinton’s final year as President. The Clinton Administration decided to take action. From a February 2000 CNN article:
“Searching for ways to improve security on the Internet, President Bill Clinton convened a meeting at the White House on Tuesday with technology experts that included a hacker named Mudge.
Saying security on the Internet should be improved without jeopardizing the entrepreneurial potential of e-commerce, the president endorsed a $9 million proposal to create a high-tech security institute.
‘We know we have to keep cyberspace open and free,’ Clinton said. ‘At the same time, computer networks (must be) more secure and resilient and we have to do more to protect privacy and civil liberties.’
The meeting follows a blizzard of assaults last week that disabled some of the nation’s most popular Web sites, among them CNN.com, eBay, Yahoo, Amazon.com and E*Trade.”
Is it a coincidence that CNN published that, one of Calce’s DDoS targets? What you may find even more intriguing is, who is Mudge?
Many years before the 4chan that nurtured the Anonymous hacktivist group was even an idea, there was another notorious hacktivist group called Cult of the Dead Cow (cDc). Cult of the Dead Cow was formed in Texas in 1984. The “Cult” was the origin of l33t speak. They also developed many cracking tools together, including one of the earliest Remote Access Trojans (RAT), Back Orfice.
Anonymous didn’t exist until 2008, and they were perhaps best known for targeting the Church of Scientology. But the cDc started trolling Scientology on USENET all the way back in 1998.
Mudge’s real name is Peiter Zatko. He wrote “How to Write Buffer Overflows” in 1995. A buffer overflow attack is a type of cyber exploit where an attacker overwhelms a computer’s memory buffer to write data beyond its allocated memory. Other memory locations can be overwritten by this sort of exploit, and it’s also a part of many DDoS attacks. In a nutshell, you can make a computer execute malicious code or trigger it to shut down. In 1996, Mudge joined the cDc.
Mudge is an interesting character. He was a musician who attended the prestigious Berklee College of Music. He also developed the L0phtCrack, AntiSniff, and l0phtwatch cracking tools. In my opinion, Mudge is a brilliant computer scientist but his counter culture appearance was a total facade. In reality, he really loves the idea of working for The Man. And so by Clinton’s personal invitation, he began his US government career. Mudge was totally the guy the American intelligence state needed to stop the Calces of the world from threatening American corporations.
Mudge went on to join DARPA, the US Defense Advanced Research Projects Agency that birthed ARPANet (which evolved into the internet) and many of the other computing technologies that we use everyday.
When non-cyber threat actors hijacked jumbo jets on September 11th, 2001 and deliberately crashed them into the World Trade Center towers in New York City, that encouraged American cyber operations to develop even further. 9/11 had a domino effect on the US security state that brought even more funding for military and intelligence operations. The Department of Homeland Security was founded, the Patriot Act was signed, and George Bush Junior launched a mission to grab control of Iraq away from Saddam Hussein and into American hands. (That was something Bush’s father wasn’t completely successful at.) The US decided to target Iraq, even though the 9/11 hijackers were from Saudi Arabia, and Osama Bin Laden was likely in Afghanistan. (Although, a huge US military mission targeted the Taliban in Afghanistan soon after The Second Gulf War was launched.)
The Patriot Act of 2001 is what took the gloves off to enable US government agencies, such as the NSA, to much more easily spy on ordinary people on the internet. The state no longer needed to prove “probable cause” to surveil internet activity. Judges could issue search warrants to law enforcement much more quickly. And of course, we likely wouldn’t be notified if a US government agency acquired a search warrant to spy on us.
But at the very least, the Patriot Act still required warrants. Even so, the Patriot Act and US paranoia triggered by 9/11 in general emboldened entities like the NSA to go even further. More on that in the the next section.
Fast forward to 2024. The Protecting Americans from Foreign Adversary Controlled Applications Act (PAFACA) was signed into law on April 24th as part of the National Security Act. The Act bans the use of “foreign adversary controlled applications” in the United States in regards to social networking applications. If the President of the United States decides that a social networking application is “foreign adversary controlled” and needs to be banned, the application’s owner has 270 to 360 days to remove American access to it.
It’s absolutely no secret that PAFACA was designed to target TikTok. It’s also suspected by many skeptical internet users that the US government wants to ban TikTok if parent company ByteDance doesn’t sell it to an American company at least partly because Generation Z have been learning horrific details about the Palestinian genocide through using that application. More on that later!
That’s the “why.” But before I get into more details about the “how.”
How Silicon Valley and law enforcement try to surveil and control the internet
So there’s the context for America’s 21st century revolution of internet regulatory enforcement. Let’s look at some of the implications, years after legislation like the Computer Fraud and Abuse Act and the DMCA were signed into law.
The DMCA is what empowers publications like the Washington Post and the New York Times to put annoying paywalls all over their websites.
The Computer Fraud and Abuse Act has had its own terrible implications.
Aaron Swartz is one of the mot important hackers to have ever lived. He has had a huge impact on the internet and hacker culture.
RSS (RDF Site Summary or Real Simple Syndication) is a web format that enables internet users to enjoy a variety of internet content through a single news aggregator. It’s a totally open format. RSS is often used to deliver webpages from news websites and discussion forums. It’s also now a common way for podcasts to be distributed.
Netscape’s Dan Libby and Ramanathan V. Guha started development on RSS in the late 1990s and the first version was released in March 1999. Swartz joined the RSS-DEV Working Group not long after, and he was instrumental in improving how it works. The proper RSS 1.0, complete with Swartz’s improvements, was released in December 2000. RSS likely wouldn’t have had its first popularity boom in 2005 if it weren’t for Swartz’s work.
Swartz also worked on the development of Reddit from 2005 to 2007. Swartz was also notable for his work on Creative Commons, a way for creators to license their content for sharing on the internet in a way that’s both “free of charge” and free in the sense of the hacker ethos “knowledge should be free.” Creative Commons is an alternative to copyright law that makes it much easier for people to enjoy information and art outside of corporate profit. Otherwise, US copyright law doesn’t let content become public domain until several decades after its creation, and “fair use” has limited applications.
Swartz really lived by “knowledge should be free.” And he also died by it.
Swartz’s apparently criminal liberation of proprietary information started in 2008. That year, he used a Perl script to scan AWS servers for millions of files in the PACER (Public Access to Court Electronic Records) database that’s managed by the Administrative Office of the United States Courts. It was possible for ordinary people to pay to access PACER, but the fees were expensive. Do we have a right to read nonclassified court documents as citizens?
Swartz was investigated by the FBI, but no charges were filed against him. PACER continued to charge for access per page. But Swartz’s actions encouraged PACER to make it possible for users to save files onto their computers and distribute those files freely. If you’re like me and you love the YouTube channels and podcasts where lawyers explain celebrity court cases, you have Swartz to thank for their ability to examine court documents on their shows.
What really got Swartz into trouble was what he did in late 2010 and early 2011. Swartz was a research fellow at Harvard University, which granted him a JSTOR account. JSTOR is a vast digital repository of academic research. Swartz went to the other side of Cambridge, Massachusetts to MIT’s campus. He connected his laptop to MIT’s network through a wiring closet. From September 2010 to early 2011, Swartz downloaded as much JSTOR content as he could. He believed that the public should have free access to academic research.
A JSTOR employee started to notice an anomalous amount of downloading to an MIT IP address in September, and they notified MIT’s administration. By early 2011, a video camera was hidden in the wiring closet so law enforcement could gather evidence on the individual who was using their laptop to download so much.
By July 2011, the cops had tons of evidence for the court. Swartz was indicted by a grand jury on charges of wire fraud, computer fraud, unlawfully obtaining information from a protected computer, and recklessly damaging a protected computer. The Middlesex County Superior Court tried Swartz for several months. By September 2012, Swartz was possibly facing 35 years in prison and a $1 million fine. Swartz was only 24 years old at the time, but that’s still an incredibly long prison sentence. Convicted murderers often don’t get that much.
Plea negotiations got prosecutors to lower Swartz’s punishment significantly to six months in minimum security prison if he plead guilty to 13 charges. Swartz refused.
But the stress on him must have been immense. On January 11th, 2013, Aaron Swartz died by suicide.
In September 2011, while Swartz’s criminal trial was going on, JSTOR made public domain content free to the public. Shouldn’t public domain content be free anyway? JSTOR has been widely criticized for continuing to paywall most of its content. Academic researchers often don’t get paid for their work on academic reports, but their schools make lots of money from it. JSTOR does now have a “Register and Read” program that offers free access to some researchers. But as of this writing, JSTOR content is still behind a paywall.
Earlier I discussed the Patriot Act of 2001. Although the Patriot Act still requires warrants in order for law enforcement to surveil Americans on the internet, it emboldened the NSA to surveil Americans en masse without warrants. As Ed Pilkington wrote for The Guardian in September 2021:
“If the Patriot Act was produced in a flash, behind the scenes secret systems for mass surveillance were being built at even greater speed. One of the most audacious plans was drafted by nightfall on the day of 11 September itself.
The plan, ominously titled ‘Total information awareness’, was the brainchild of John Poindexter, a disgraced former naval officer who had been Ronald Reagan’s national security adviser and a key figure in the Iran-contra scandal. TIA, Poindexter blustered, would act as an early-warning alarm for future 9/11s by gathering up the digital data of all Americans — innocent or guilty — and using it to search for patterns of terrorist activity.
No warrants would be sought. They would just do it, irrespective of laws or constitutional niceties.”
The “Total information awareness” program is what started the NSA’s mass internet espionage that Edward Snowden infamously exposed.
Now let’s get more into the “TikTok ban,” otherwise known as PAFACA. Curious internet policy thinkers like me suspect that PAFACA exists to make sure that Americans only access news through American corporations and entities. Most notably, it’s messy when the younger generations learn details about the Palestinian genocide through non-American owned platforms like TikTok. Some people might accuse us of having tinfoil hat theories. Alas, a public discussion at the McCain Institute in May 2024 between US Secretary of State Antony Blinken and Senator Mitt Romney pretty much confirmed it.
Romney asked, “You may not want to answer this question, but that is– the President sort of dipped his toe into the criticism of Israel and the way they’ve conducted the war so far, saying we’re not entirely happy with how this has been carried out. What would our administration have done differently? What is our specific criticism, and what guidance will that provide for what they do going forward?”
Blinken replied, “Well, let’s start with the– in a sense, the obvious that seems to have been forgotten, or almost erased from the conversation, which is October 7th (2023) itself (when tensions escalated between Hamas and the Israeli Defense Force). And it’s extraordinary how quickly the world moved on from that.
It’s also extraordinary the extent to which Hamas isn’t even part of the conversation. And I think that’s worth a moment of reflection, too…”
Blinken went on for a bit, and then Romney asked, “Why has the PR been so awful? I know that’s not your area of expertise, but you have to have some thoughts on that, which is, I mean, as you’ve said, why has Hamas disappeared in terms of public perception?”
Blinken replied, “… I think in my time in Washington, which is a little bit over 30 years, the single biggest change has been in the information environment. And when I started out in the early 1990s, everyone did the same thing. You woke up in the morning, you opened the door of your apartment or your house, you picked up a hard copy of The New York Times, The Washington Post, The Wall Street Journal. And then if you had a television in your office, you turned it on at 6:30 or 7 o’clock and watched the national network news.
Now, of course, we are on an intravenous feed of information with new impulses, inputs every millisecond. And of course, the way this has played out on social media has dominated the narrative. And you have a social media ecosystem environment in which context, history, facts get lost, and the emotion, the impact of images dominates. And we can’t– we can’t discount that, but I think it also has a very, very, very challenging effect on the narrative.”
Then Romney actually named TikTok. “A small parenthetical point, which is some wonder why there was such overwhelming support for us to shut down potentially TikTok or other entities of that nature. If you look at the postings on TikTok and the number of mentions of Palestinians relative to other social media sites, it’s overwhelmingly so among TikTok broadcasts. So I’d note that’s of real interest, and the President will get the chance to make action in that regard.”
So there it is.
I’ve never had a TikTok account, so one might ask, “If you’re not a TikTok user, why should you care?” But PAFACA has set a precedent that will accelerate the US government’s actions to censor more and more internet services. Their goal is to make sure that all news shown to American residents is controlled through American corporations.
And that’s one of the reasons why my thesis is that ordinary people should shift their internet activities to the “darknet,” through systems like the Tor Network and the I2P Network.
Part three will be posted next week. It’s all about how the darknet can protect your privacy.
At the Fan level: Naomi Buckwalter! OMG, thank you!
At the Reader level: François Pelletier and IGcharlzard!
I will do my best to post something new weekly. If you can, I’d love for you to join my Patreon supporters here. I even have support levels where I can do custom work for you: https://www.patreon.com/kimcrawley
