Tesla accused of hacking odometers to weasel out of warranty repairs
A lawsuit filed in February accuses Tesla of remotely altering odometer values on failure-prone cars, in a bid to push these lemons beyond the 50,000 mile warranty limit:
The suit was filed by a California driver who bought a used Tesla with 36,772 miles on it. The car's suspension kept failing, necessitating multiple servicings, and that was when the plaintiff noticed that the odometer readings for his identical daily drive were going up by ever-larger increments. This wasn't exactly subtle: he was driving 20 miles per day, but the odometer was clocking 72.35 miles/day. Still, how many of us monitor our daily odometer readings?
In short order, his car's odometer had rolled over the 50k mark and Tesla informed him that they would no longer perform warranty service on his lemon. Right after this happened, the new mileage clocked by his odometer returned to normal. This isn't the only Tesla owner who's noticed this behavior: Tesla subreddits are full of similar complaints:
Drivers noticed that they were getting far fewer miles out of their batteries than Tesla had advertised. Naturally, they contacted the company for service on their faulty cars. Tesla then set up an entire fake service operation in Nevada that these calls would be diverted to, called the "diversion team." Drivers with range complaints were put through to the "diverters" who would claim to run "remote diagnostics" on their cars and then assure them the cars were fine. They even installed a special xylophone in the diversion team office that diverters would ring every time they successfully deceived a driver.
These customers were then put in an invisible Tesla service jail. Their Tesla apps were silently altered so that they could no longer book service for their cars for any reason – instead, they'd have to leave a message and wait several days for a callback. The diversion center racked up 2,000 calls/week and diverters were under strict instructions to keep calls under five minutes. Eventually, these diverters were told that they should stop actually performing remote diagnostics on the cars of callers – instead, they'd just pretend to have run the diagnostics and claim no problems were found (so if your car had a potentially dangerous fault, they would falsely claim that it was safe to drive).
Most modern cars have some kind of internet connection, but Tesla goes much further. By design, its cars receive "over-the-air" updates, including updates that are adverse to drivers' interests. For example, if you stop paying the monthly subscription fee that entitles you to use your battery's whole charge, Tesla will send a wireless internet command to your car to restrict your driving to only half of your battery's charge.
This means that your Tesla is designed to follow instructions that you don't want it to follow, and, by design, those instructions can fundamentally alter your car's operating characteristics. For example, if you miss a payment on your Tesla, it can lock its doors and immobilize itself, then, when the repo man arrives, it will honk its horn, flash its lights, back out of its parking spot, and unlock itself so that it can be driven away:
Some of the ways that your Tesla can be wirelessly downgraded (like disabling your battery) are disclosed at the time of purchase. Others (like locking you out and summoning a repo man) are secret. But whether disclosed or secret, both kinds of downgrade depend on the genuinely bizarre idea that a computer that you own, that is in your possession, can be relied upon to follow orders from the internet even when you don't want it to. This is weird enough when we're talking about a set-top box that won't let you record a TV show – but when we're talking about a computer that you put your body into and race down the road at 80mph inside of, it's frankly terrifying.
Obviously, most people would prefer to have the final say over how their computers work. I mean, maybe you trust the manufacturer's instructions and give your computer blanket permission to obey them, but if the manufacturer (or a hacker pretending to be the manufacturer, or a government who is issuing orders to the manufacturer) starts to do things that are harmful to you (or just piss you off), you want to be able to say to your computer, "OK, from now on, you take orders from me, not them."
In a state of nature, this is how computers work. To make a computer ignore its owner in favor of internet randos, the manufacturer has to build in a bunch of software countermeasures to stop you from reconfiguring or installing software of your choosing on it. And sure, that software might be able to withstand the attempts of normies like you and me to bypass it, but given that we'd all rather have the final say over how our computers work, someone is gonna figure out how to get around that software. I mean, show me a 10-foot fence and I'll show you an 11-foot ladder, right?
To stop that from happening, Congress passed the 1998 Digital Millennium Copyright Act. Despite the word "copyright" appearing in the name of the law, it's not really about defending copyright, it's about defending business models. Under Section 1201 of the DMCA, helping someone bypass a software lock is a felony punishable by a five-year prison sentence and a $500,000 fine (for a first offense). That's true whether or not any copyright infringement takes place.
So if you want to modify your Tesla – say, to prevent the company from cheating your odometer – you have to get around a software lock, and that's a felony. Indeed, if any manufacturer puts a software lock on its product, then any changes that require disabling or bypassing that lock become illegal. That's why you can't just buy reliable third-party printer ink – reverse-engineering the "is this an original HP ink cartridge?" program is a literal crime, even though using non-HP ink in your printer is absolutely not a copyright violation. Jay Freeman calls this effect "felony contempt of business model."
Thus we arrive at this juncture, where every time you use a product or device or service, it might behave in a way that is totally unlike the last time you used it. This is true whether you own, lease or merely interact with a product. The changes can be obvious, or they can be subtle to the point of invisibility. And while manufacturers can confine their "updates" to things that make the product better (for example, patching security vulnerabilities), there's nothing to stop them from using this uninspectable, non-countermandable veto over your devices' functionality to do things that harm you – like fucking with your odometer.
Or, you know, bricking your car. The defunct EV maker Fisker – who boasted that it made "software-based cars" – went bankrupt last year and bricked the entire fleet of unsold cars:
I call this ability to modify the underlying functionality of a product or service for every user, every time they use it, "twiddling," and it's a major contributor to enshittification:
https://pluralistic.net/2023/02/19/twiddler/
Enshittification's observable symptoms follow a predictable pattern: first, a company makes things good for its users, while finding ways to lock them in. Then, once it knows the users can't easily leave, the company makes things worse for end-users in order to deliver value to business customers. Once these businesses are locked in, the company siphons value away from them, too, until the product or service is a pile of shit, that we still can't leave:
Twiddling is key to enshittification: it's the method by which value is shifted from end-users to business customers, and from business customers to the platform. Twiddling is the "switch" in enshittification's series of minute, continuous bait-and-switches. The fact that DMCA 1201 makes it a crime to investigate systems with digital locks makes the modern computerized device a twiddler's playground. Sure, a driver might claim that their odometer is showing bad readings, but they can't dump their car's software and identify the code that is changing the odometer.
This is what I mean by "demon-haunted computers": a computer is "demon-haunted" if it is designed to detect when it is under scrutiny, and, when it senses a hostile observer, it changes its behavior to the innocuous, publicly claimed factory defaults:
But as soon as the observer goes away, the computer returns to its nefarious ways. This is exactly what happened with Dieselgate, when VW used software that detected the test-suite run by government emissions inspectors, and changed the engine's characteristics when it was under their observation. But once the car was back on the road, it once again began emitting toxic gas at levels that killed dozens of people and sickened thousands more:
Cars are among the most demon-haunted products we use on a daily basis. They are designed from the chassis up to do things that are harmful to their owners, from stealing our location data so it can be sold to data-brokers, to immobilizing themselves if you miss a payment, to downgrading themselves if you stop paying for a "subscription," to ratting out your driving habits to your insurer:
These are the "legitimate" ways that cars are computers that ignore their owners' orders in favor of instructions they get from the internet. But once a manufacturer arrogates that power to itself, it is confronted with a tempting smorgasbord of enshittificatory gambits to defraud you, control you, and gaslight you. Now, perhaps you could wield this power wisely, because you are in possession of the normal human ration of moral consideration for others, to say nothing of a sense of shame and a sense of honor.
But while corporations are (legally) people, they are decidedly not human. They are artificial lifeforms, "intellects vast and cool and unsympathetic" (as HG Wells said of the marauding aliens in War of the Worlds):
These alien invaders are busily xenoforming the planet, rendering it unfit for human habitation. Laws that ban reverse-engineering are a devastating weapon that corporations get to use in their bid to subjugate and devour the human race.
The US isn't the only country with a law like Section 1201 of the DMCA. Over the past 25 years, the US Trade Representative has arm-twisted nearly every country in the world into passing laws that are nearly identical to America's own disastrous DMCA. Why did countries agree to pass these laws? Well, because they had to, or the US would impose tariffs on them:
The Trump tariffs change everything, including this thing. There is no reason for America's (former) trading partners to continue to enforce the laws it passed to protect Big Tech's right to twiddle their citizens. That goes double for Tesla: rather than merely complaining about Musk's Nazi salutes, countries targeted by the regime he serves could retaliate against him, in a devastating fashion. By abolishing their anticircumvention laws, countries around the world would legalize jailbreaking Teslas, allowing mechanics to unlock all the subscription features and software upgrades for every Tesla driver, as well as offering their own software mods. Not only would this tank Tesla stock and force Musk to pay back the loans he collateralized with his shares (loans he used to buy Twitter and the US presidency), it would also abolish sleazy gimmicks like hacking drivers' odometers to get out of paying for warranty service:
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Elon Musk lies a lot. He lies about being a “utopian socialist.” He lies about being a “free speech absolutist.” He lies about which companies he founded:
https://www.businessinsider.com/tesla-cofounder-martin-eberhard-interview-history-elon-musk-ev-market-2023-2
He lies about being the “chief engineer” of those companies:
He lies about really stupid stuff, like claiming that comsats that share the same spectrum will deliver steady broadband speeds as they add more users who each get a narrower slice of that spectrum:
The fundamental laws of physics don’t care about this bullshit, but people do. The comsat lie convinced a bunch of people that pulling fiber to all our homes is literally impossible — as though the electrical and phone lines that come to our homes now were installed by an ancient, lost civilization. Pulling new cabling isn’t a mysterious art, like embalming pharaohs. We do it all the time. One of the poorest places in America installed universal fiber with a mule named “Ole Bub”:
Previous tech barons had “reality distortion fields,” but Musk just blithely contradicts himself and pretends he isn’t doing so, like a budget Steve Jobs. There’s an entire site devoted to cataloging Musk’s public lies:
https://elonmusk.today/
But while Musk lacks the charm of earlier Silicon Valley grifters, he’s much better than they ever were at running a long con. For years, he’s been promising “full self driving…next year.”
Tesla is a giant shell-game masquerading as a car company. The important thing about Tesla isn’t its cars, it’s Tesla’s business arrangement, the Tesla-Financial Complex:
Once you start unpacking Tesla’s balance sheets, you start to realize how much the company depends on government subsidies and tax-breaks, combined with selling carbon credits that make huge, planet-destroying SUVs possible, under the pretense that this is somehow good for the environment:
That valuation represents a bet on Tesla’s ability to extract ever-higher rents from its customers. Take Tesla’s batteries: you pay for the battery when you buy your car, but you don’t own that battery. You have to rent the right to use its full capacity, with Tesla reserving the right to reduce how far you go on a charge based on your willingness to pay:
That’s just one of the many rent-a-features that Tesla drivers have to shell out for. You don’t own your car at all: when you sell it as a used vehicle, Tesla strips out these features you paid for and makes the next driver pay again, reducing the value of your used car and transferring it to Tesla’s shareholders:
To maintain this rent-extraction racket, Tesla uses DRM that makes it a felony to alter your own car’s software without Tesla’s permission. This is the root of all autoenshittification:
This is technofeudalism. Whereas capitalists seek profits (income from selling things), feudalists seek rents (income from owning the things other people use). If Tesla were a capitalist enterprise, then entrepreneurs could enter the market and sell mods that let you unlock the functionality in your own car:
But because Tesla is a feudal enterprise, capitalists must first secure permission from the fief, Elon Musk, who decides which companies are allowed to compete with him, and how.
Once a company owns the right to decide which software you can run, there’s no limit to the ways it can extract rent from you. Blocking you from changing your device’s software lets a company run overt scams on you. For example, they can block you from getting your car independently repaired with third-party parts.
But they can also screw you in sneaky ways. Once a device has DRM on it, Section 1201 of the DMCA makes it a felony to bypass that DRM, even for legitimate purposes. That means that your DRM-locked device can spy on you, and because no one is allowed to explore how that surveillance works, the manufacturer can be incredibly sloppy with all the personal info they gather:
All kinds of hidden anti-features can lurk in your DRM-locked car, protected from discovery, analysis and criticism by the illegality of bypassing the DRM. For example, Teslas have a hidden feature that lets them lock out their owners and summon a repo man to drive them away if you have a dispute about a late payment:
DRM is a gun on the mantlepiece in Act I, and by Act III, it goes off, revealing some kind of ugly and often dangerous scam. Remember Dieselgate? Volkswagen created a line of demon-haunted cars: if they thought they were being scrutinized (by regulators measuring their emissions), they switched into a mode that traded performance for low emissions. But when they believed themselves to be unobserved, they reversed this, emitting deadly levels of NOX but delivering superior mileage.
The conversion of the VW diesel fleet into mobile gas-chambers wouldn’t have been possible without DRM. DRM adds a layer of serious criminal jeopardy to anyone attempting to reverse-engineer and study any device, from a phone to a car. DRM let Apple claim to be a champion of its users’ privacy even as it spied on them from asshole to appetite:
Now, Tesla is having its own Dieselgate scandal. A stunning investigation by Steve Stecklow and Norihiko Shirouzu for Reuters reveals how Tesla was able to create its own demon-haunted car, which systematically deceived drivers about its driving range, and the increasingly desperate measures the company turned to as customers discovered the ruse:
The root of the deception is very simple: Tesla mis-sells its cars by falsely claiming ranges that those cars can’t attain. Every person who ever bought a Tesla was defrauded.
But this fraud would be easy to detect. If you bought a Tesla rated for 353 miles on a charge, but the dashboard range predictor told you that your fully charged car could only go 150 miles, you’d immediately figure something was up. So your Tesla tells another lie: the range predictor tells you that you can go 353 miles.
But again, if the car continued to tell you it has 203 miles of range when it was about to run out of charge, you’d figure something was up pretty quick — like, the first time your car ran out of battery while the dashboard cheerily informed you that you had 203 miles of range left.
So Teslas tell a third lie: when the battery charge reached about 50%, the fake range is replaced with the real one. That way, drivers aren’t getting mass-stranded by the roadside, and the scam can continue.
But there’s a new problem: drivers whose cars are rated for 353 miles but can’t go anything like that far on a full charge naturally assume that something is wrong with their cars, so they start calling Tesla service and asking to have the car checked over.
This creates a problem for Tesla: those service calls can cost the company $1,000, and of course, there’s nothing wrong with the car. It’s performing exactly as designed. So Tesla created its boldest fraud yet: a boiler-room full of anti-salespeople charged with convincing people that their cars weren’t broken.
This new unit — the “diversion team” — was headquartered in a Nevada satellite office, which was equipped with a metal xylophone that would be rung in triumph every time a Tesla owner was successfully conned into thinking that their car wasn’t defrauding them.
When a Tesla owner called this boiler room, the diverter would run remote diagnostics on their car, then pronounce it fine, and chide the driver for having energy-hungry driving habits (shades of Steve Jobs’s “You’re holding it wrong”):
The drivers who called the Diversion Team weren’t just lied to, they were also punished. The Tesla app was silently altered so that anyone who filed a complaint about their car’s range was no longer able to book a service appointment for any reason. If their car malfunctioned, they’d have to request a callback, which could take several days.
Meanwhile, the diverters on the diversion team were instructed not to inform drivers if the remote diagnostics they performed detected any other defects in the cars.
The diversion team had a 750 complaint/week quota: to juke this stat, diverters would close the case for any driver who failed to answer the phone when they were eventually called back. The center received 2,000+ calls every week. Diverters were ordered to keep calls to five minutes or less.
Eventually, diverters were ordered to cease performing any remote diagnostics on drivers’ cars: a source told Reuters that “Thousands of customers were told there is nothing wrong with their car” without any diagnostics being performed.
Predicting EV range is an inexact science as many factors can affect battery life, notably whether a journey is uphill or downhill. Every EV automaker has to come up with a figure that represents some kind of best guess under a mix of conditions. But while other manufacturers err on the side of caution, Tesla has the most inaccurate mileage estimates in the industry, double the industry average.
Other countries’ regulators have taken note. In Korea, Tesla was fined millions and Elon Musk was personally required to state that he had deceived Tesla buyers. The Korean regulator found that the true range of Teslas under normal winter conditions was less than half of the claimed range.
Now, many companies have been run by malignant narcissists who lied compulsively — think of Thomas Edison, archnemesis of Nikola Tesla himself. The difference here isn’t merely that Musk is a deeply unfit monster of a human being — but rather, that DRM allows him to defraud his customers behind a state-enforced opaque veil. The digital computers at the heart of a Tesla aren’t just demons haunting the car, changing its performance based on whether it believes it is being observed — they also allow Musk to invoke the power of the US government to felonize anyone who tries to peer into the black box where he commits his frauds.
Image ID [A scene out of an 11th century tome on demon-summoning called 'Compendium rarissimum totius Artis Magicae sistematisatae per celeberrimos Artis hujus Magistros. Anno 1057. Noli me tangere.' It depicts a demon tormenting two unlucky would-be demon-summoners who have dug up a grave in a graveyard. One summoner is held aloft by his hair, screaming; the other screams from inside the grave he is digging up. The scene has been altered to remove the demon's prominent, urinating penis, to add in a Tesla supercharger, and a red Tesla Model S nosing into the scene.]
Image:
Steve Jurvetson (modified)
https://commons.wikimedia.org/wiki/File:Tesla_Model_S_Indoors.jpg
CC BY 2.0
https://creativecommons.org/licenses/by/2.0/deed.en
Your car spies on you and rats you out to insurance companies
Another characteristically brilliant Kashmir Hill story for The New York Times reveals another characteristically terrible fact about modern life: your car secretly records fine-grained telemetry about your driving and sells it to data-brokers, who sell it to insurers, who use it as a pretext to gouge you on premiums:
This is true whether you own or lease the car, and it's separate from the "black box" your insurer might have offered to you in exchange for a discount on your premiums. In other words, even if you say no to the insurer's carrot – a surveillance-based discount – they've got a stick in reserve: buying your nonconsensually harvested data on the open market.
I've always hated that saying, "If you're not paying for the product, you're the product," the reason being that it posits decent treatment as a customer reward program, like the little ramekin of warm nuts first class passengers get before takeoff. Companies don't treat you well when you pay them. Companies treat you well when they fear the consequences of treating you badly.
Take Apple. The company offers iOS users a one-tap opt-out from commercial surveillance, and more than 96% of users opted out. Presumably, the other 4% were either confused or on Facebook's payroll. Apple – and its army of cultists – insist that this proves that our world's woes can be traced to cheapskate "consumers" who expected to get something for nothing by using advertising-supported products.
But here's the kicker: right after Apple blocked all its rivals from spying on its customers, it began secretly spying on those customers! Apple has a rival surveillance ad network, and even if you opt out of commercial surveillance on your iPhone, Apple still secretly spies on you and uses the data to target you for ads:
Even if you're paying for the product, you're still the product – provided the company can get away with treating you as the product. Apple can absolutely get away with treating you as the product, because it lacks the historical constraints that prevented Apple – and other companies – from treating you as the product.
As I described in my McLuhan lecture on enshittification, tech firms can be constrained by four forces:
When companies have real competitors – when a sector is composed of dozens or hundreds of roughly evenly matched firms – they have to worry that a maltreated customer might move to a rival. 40 years of antitrust neglect means that corporations were able to buy their way to dominance with predatory mergers and pricing, producing today's inbred, Habsburg capitalism. Apple and Google are a mobile duopoly, Google is a search monopoly, etc. It's not just tech! Every sector looks like this:
Eliminating competition doesn't just deprive customers of alternatives, it also empowers corporations. Liberated from "wasteful competition," companies in concentrated industries can extract massive profits. Think of how both Apple and Google have "competitively" arrived at the same 30% app tax on app sales and transactions, a rate that's more than 1,000% higher than the transaction fees extracted by the (bloated, price-gouging) credit-card sector:
But cartels' power goes beyond the size of their warchest. The real source of a cartel's power is the ease with which a small number of companies can arrive at – and stick to – a common lobbying position. That's where "regulatory capture" comes in: the mobile duopoly has an easier time of capturing its regulators because two companies have an easy time agreeing on how to spend their app-tax billions:
Apple – and Google, and Facebook, and your car company – can violate your privacy because they aren't constrained by regulation, just as Uber can violate its drivers' labor rights and Amazon can violate your consumer rights. The tech cartels have captured their regulators and convinced them that the law doesn't apply if it's being broken via an app:
In other words, Apple can spy on you because it's allowed to spy on you. America's last consumer privacy law was passed in 1988, and it bans video-store clerks from leaking your VHS rental history. Congress has taken no action on consumer privacy since the Reagan years:
But tech has some special enshittification-resistant characteristics. The most important of these is interoperability: the fact that computers are universal digital machines that can run any program. HP can design a printer that rejects third-party ink and charge $10,000/gallon for its own colored water, but someone else can write a program that lets you jailbreak your printer so that it accepts any ink cartridge:
Tech companies that contemplated enshittifying their products always had to watch over their shoulders for a rival that might offer a disenshittification tool and use that as a wedge between the company and its customers. If you make your website's ads 20% more obnoxious in anticipation of a 2% increase in gross margins, you have to consider the possibility that 40% of your users will google "how do I block ads?" Because the revenue from a user who blocks ads doesn't stay at 100% of the current levels – it drops to zero, forever (no user ever googles "how do I stop blocking ads?").
The majority of web users are running an ad-blocker:
Web operators made them an offer ("free website in exchange for unlimited surveillance and unfettered intrusions") and they made a counteroffer ("how about 'nah'?"):
Here's the thing: reverse-engineering an app – or any other IP-encumbered technology – is a legal minefield. Just decompiling an app exposes you to felony prosecution: a five year sentence and a $500k fine for violating Section 1201 of the DMCA. But it's not just the DMCA – modern products are surrounded with high-tech tripwires that allow companies to invoke IP law to prevent competitors from augmenting, reconfiguring or adapting their products. When a business says it has "IP," it means that it has arranged its legal affairs to allow it to invoke the power of the state to control its customers, critics and competitors:
https://locusmag.com/2020/09/cory-doctorow-ip/
An "app" is just a web-page skinned in enough IP to make it a crime to add an ad-blocker to it. This is what Jay Freeman calls "felony contempt of business model" and it's everywhere. When companies don't have to worry about users deploying self-help measures to disenshittify their products, they are freed from the constraint that prevents them indulging the impulse to shift value from their customers to themselves.
Apple owes its existence to interoperability – its ability to clone Microsoft Office's file formats for Pages, Numbers and Keynote, which saved the company in the early 2000s – and ever since, it has devoted its existence to making sure no one ever does to Apple what Apple did to Microsoft:
Regulatory capture cuts both ways: it's not just about powerful corporations being free to flout the law, it's also about their ability to enlist the law to punish competitors that might constrain their plans for exploiting their workers, customers, suppliers or other stakeholders.
The final historical constraint on tech companies was their own workers. Tech has very low union-density, but that's in part because individual tech workers enjoyed so much bargaining power due to their scarcity. This is why their bosses pampered them with whimsical campuses filled with gourmet cafeterias, fancy gyms and free massages: it allowed tech companies to convince tech workers to work like government mules by flattering them that they were partners on a mission to bring the world to its digital future:
For tech bosses, this gambit worked well, but failed badly. On the one hand, they were able to get otherwise powerful workers to consent to being "extremely hardcore" by invoking Fobazi Ettarh's spirit of "vocational awe":
On the other hand, when you motivate your workers by appealing to their sense of mission, the downside is that they feel a sense of mission. That means that when you demand that a tech worker enshittifies something they missed their mother's funeral to deliver, they will experience a profound sense of moral injury and refuse, and that worker's bargaining power means that they can make it stick.
Or at least, it did. In this era of mass tech layoffs, when Google can fire 12,000 workers after an $80b stock buyback that would have paid their wages for the next 27 years, tech workers are learning that the answer to "I won't do this and you can't make me" is "don't let the door hit you in the ass on the way out" (AKA "sharpen your blades boys"):
With competition, regulation, self-help and labor cleared away, tech firms – and firms that have wrapped their products around the pluripotently malleable core of digital tech, including automotive makers – are no longer constrained from enshittifying their products.
And that's why your car manufacturer has chosen to spy on you and sell your private information to data-brokers and anyone else who wants it. Not because you didn't pay for the product, so you're the product. It's because they can get away with it.
Cars are enshittified. The dozens of chips that auto makers have shoveled into their car design are only incidentally related to delivering a better product. The primary use for those chips is autoenshittification – access to legal strictures ("IP") that allows them to block modifications and repairs that would interfere with the unfettered abuse of their own customers:
The fact that it's a felony to reverse-engineer and modify a car's software opens the floodgates to all kinds of shitty scams. Remember when Bay Staters were voting on a ballot measure to impose right-to-repair obligations on automakers in Massachusetts? The only reason they needed to have the law intervene to make right-to-repair viable is that Big Car has figured out that if it encrypts its diagnostic messages, it can felonize third-party diagnosis of a car, because decrypting the messages violates the DMCA:
Big Car figured out that VIN locking – DRM for engine components and subassemblies – can felonize the production and the installation of third-party spare parts:
The fact that you can't legally modify your car means that automakers can go back to their pre-2008 ways, when they transformed themselves into unregulated banks that incidentally manufactured the cars they sold subprime loans for. Subprime auto loans – over $1t worth! – absolutely rely on the fact that borrowers' cars can be remotely controlled by lenders. Miss a payment and your car's stereo turns itself on and blares threatening messages at top volume, which you can't turn off. Break the lease agreement that says you won't drive your car over the county line and it will immobilize itself. Try to change any of this software and you'll commit a felony under Section 1201 of the DMCA:
Tesla, naturally, has the most advanced anti-features. Long before BMW tried to rent you your seat-heater and Mercedes tried to sell you a monthly subscription to your accelerator pedal, Teslas were demon-haunted nightmare cars. Miss a Tesla payment and the car will immobilize itself and lock you out until the repo man arrives, then it will blare its horn and back itself out of its parking spot. If you "buy" the right to fully charge your car's battery or use the features it came with, you don't own them – they're repossessed when your car changes hands, meaning you get less money on the used market because your car's next owner has to buy these features all over again:
And all this DRM allows your car maker to install spyware that you're not allowed to remove. They really tipped their hand on this when the R2R ballot measure was steaming towards an 80% victory, with wall-to-wall scare ads that revealed that your car collects so much information about you that allowing third parties to access it could lead to your murder (no, really!):
That's why your car spies on you. Because it can. Because the company that made it lacks constraint, be it market-based, legal, technological or its own workforce's ethics.
One common critique of my enshittification hypothesis is that this is "kind of sensible and normal" because "there’s something off in the consumer mindset that we’ve come to believe that the internet should provide us with amazing products, which bring us joy and happiness and we spend hours of the day on, and should ask nothing back in return":
What this criticism misses is that this isn't the companies bargaining to shift some value from us to them. Enshittification happens when a company can seize all that value, without having to bargain, exploiting law and technology and market power over buyers and sellers to unilaterally alter the way the products and services we rely on work.
A company that doesn't have to fear competitors, regulators, jailbreaking or workers' refusal to enshittify its products doesn't have to bargain, it can take. It's the first lesson they teach you in the Darth Vader MBA: "I am altering the deal. Pray I don't alter it any further":
Your car spying on you isn't down to your belief that your carmaker "should provide you with amazing products, which brings your joy and happiness you spend hours of the day on, and should ask nothing back in return." It's not because you didn't pay for the product, so now you're the product. It's because they can get away with it.
The consequences of this spying go much further than mere insurance premium hikes, too. Car telemetry sits at the top of the funnel that the unbelievably sleazy data broker industry uses to collect and sell our data. These are the same companies that sell the fact that you visited an abortion clinic to marketers, bounty hunters, advertisers, or vengeful family members pretending to be one of those:
Decades of pro-monopoly policy led to widespread regulatory capture. Corporate cartels use the monopoly profits they extract from us to pay for regulatory inaction, allowing them to extract more profits.
But when it comes to privacy, that period of unchecked corporate power might be coming to an end. The lack of privacy regulation is at the root of so many problems that a pro-privacy movement has an unstoppable constituency working in its favor.
At EFF, we call this "privacy first." Whether you're worried about grifters targeting vulnerable people with conspiracy theories, or teens being targeted with media that harms their mental health, or Americans being spied on by foreign governments, or cops using commercial surveillance data to round up protesters, or your car selling your data to insurance companies, passing that long-overdue privacy legislation would turn off the taps for the data powering all these harms:
Traditional economics fails because it thinks about markets without thinking about power. Monopolies lead to more than market power: they produce regulatory capture, power over workers, and state capture, which felonizes competition through IP law. The story that our problems stem from the fact that we just don't spend enough money, or buy the wrong products, only makes sense if you willfully ignore the power that corporations exert over our lives. It's nice to think that you can shop your way out of a monopoly, because that's a lot easier than voting your way out of a monopoly, but no matter how many times you vote with your wallet, the cartels that control the market will always win:
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Cars bricked by bankrupt EV company will stay bricked
There are few phrases in the modern lexicon more accursed than "software-based car," and yet, this is how the failed EV maker Fisker billed its products, which retailed for $40-70k in the few short years before the company collapsed, shut down its servers, and degraded all those "software-based cars":
Fisker billed itself as a "capital light" manufacturer, meaning that it didn't particularly make anything – rather, it "designed" cars that other companies built, allowing Fisker to focus on "experience," which is where the "software-based car" comes in. Virtually every subsystem in a Fisker car needs (or rather, needed) to periodically connect with its servers, either for regular operations or diagnostics and repair, creating frequent problems with brakes, airbags, shifting, battery management, locking and unlocking the doors:
Since Fisker's bankruptcy, people with even minor problems with their Fisker EVs have found themselves owning expensive, inert lumps of conflict minerals and auto-loan debt; as one Fisker owner described it, "It's literally a lawn ornament right now":
This is, in many ways, typical Internet-of-Shit nonsense, but it's compounded by Fisker's capital light, all-outsource model, which led to extremely unreliable vehicles that have been plagued by recalls. The bankrupt company has proposed that vehicle owners should have to pay cash for these recalls, in order to reserve the company's capital for its creditors – a plan that is clearly illegal:
This isn't even the first time Fisker has done this! Ten years ago, founder Henrik Fisker started another EV company called Fisker Automotive, which went bankrupt in 2014, leaving the company's "Karma" (no, really) long-range EVs (which were unreliable and prone to bursting into flames) in limbo:
https://en.wikipedia.org/wiki/Fisker_Karma
Which raises the question: why did investors reward Fisker's initial incompetence by piling in for a second attempt? I think the answer lies in the very factor that has made Fisker's failure so hard on its customers: the "software-based car." Investors love the sound of a "software-based car" because they understand that a gadget that is connected to the cloud is ripe for rent-extraction, because with software comes a bundle of "IP rights" that let the company control its customers, critics and competitors:
https://locusmag.com/2020/09/cory-doctorow-ip/
A "software-based car" gets to mobilize the state to enforce its "IP," which allows it to force its customers to use authorized mechanics (who can, in turn, be price-gouged for licensing and diagnostic tools). "IP" can be used to shut down manufacturers of third party parts. "IP" allows manufacturers to revoke features that came with your car and charge you a monthly subscription fee for them. All sorts of features can be sold as downloadable content, and clawed back when title to the car changes hands, so that the new owners have to buy them again. "Software based cars" are easier to repo, making them perfect for the subprime auto-lending industry. And of course, "software-based cars" can gather much more surveillance data on drivers, which can be sold to sleazy, unregulated data-brokers:
Unsurprisingly, there's a large number of Fisker cars that never sold, which the bankruptcy estate is seeking a buyer for. For a minute there, it looked like they'd found one: American Lease, which was looking to acquire the deadstock Fiskers for use as leased fleet cars. But now that deal seems dead, because no one can figure out how to restart Fisker's servers, and these vehicles are bricks without server access:
It's hard to say why the company's servers are so intransigent, but there's a clue in the chaotic way that the company wound down its affairs. The company's final days sound like a scene from the last days of the German Democratic Republic, with apparats from the failing state charging about in chaos, without any plans for keeping things running:
And while Fisker's implosion is particularly messy, the fact that it landed in bankruptcy is entirely unexceptional. Most businesses fail (eventually) and most startups fail (quickly). Despite this, businesses – even those in heavily regulated sectors like automotive manufacture – are allowed to design products and undertake operations that are not designed to outlast the (likely short-lived) company.
After the 2008 crisis and the collapse of financial institutions like Lehman Brothers, finance regulators acquired a renewed interest in succession planning. Lehman consisted of over 6,000 separate corporate entities, each one representing a bid to evade regulation and/or taxation. Unwinding that complex hairball took years, during which the entities that entrusted Lehman with their funds – pensions, charitable institutions, etc – were unable to access their money.
To avoid repeats of this catastrophe, regulators began to insist that banks produce "living wills" – plans for unwinding their affairs in the event of catastrophe. They had to undertake "stress tests" that simulated a wind-down as planned, both to make sure the plan worked and to estimate how long it would take to execute. Then banks were required to set aside sufficient capital to keep the lights on while the plan ran on.
This regulation has been indifferently enforced. Banks spent the intervening years insisting that they are capable of prudently self-regulating without all this interference, something they continue to insist upon even after the Silicon Valley Bank collapse:
The fact that the rules haven't been enforced tells us nothing about whether the rules would work if they were enforced. A string of high-profile bankruptcies of companies who had no succession plans and whose collapse stands to materially harm large numbers of people tells us that something has to be done about this.
Take 23andme, the creepy genomics company that enticed millions of people into sending them their genetic material (even if you aren't a 23andme customer, they probably have most of your genome, thanks to relatives who sent in cheek-swabs). 23andme is now bankrupt, and its bankruptcy estate is shopping for a buyer who'd like to commercially exploit all that juicy genetic data, even if that is to the detriment of the people it came from. What's more, the bankruptcy estate is refusing to destroy samples from people who want to opt out of this future sale:
On a smaller scale, there's Juicebox, a company that makes EV chargers, who are exiting the North American market and shutting down their servers, killing the advanced functionality that customers paid extra for when they chose a Juicebox product:
I actually owned a Juicebox, which ultimately caught fire and melted down, either due to a manufacturing defect or to the criminal ineptitude of Treeium, the worst solar installers in Southern California (or both):
Projects like Juice Rescue are trying to reverse-engineer the Juicebox server infrastructure and build an alternative:
https://juice-rescue.org/
This would be much simpler if Juicebox's manufacturer, Enel X Way, had been required to file a living will that explained how its customers would go on enjoying their property when and if the company discontinued support, exited the market, or went bankrupt.
That might be a big lift for every little tech startup (though it would be superior to trying to get justice after the company fails). But in regulated sectors like automotive manufacture or genomic analysis, a regulation that says, "Either design your products and services to fail safely, or escrow enough cash to keep the lights on for the duration of an orderly wind-down in the event that you shut down" would be perfectly reasonable. Companies could make "software based cars" but the more "software based" the car was, the more funds they'd have to escrow to transition their servers when they shut down (and the less capital they'd have to build the car).
Such a rule should be in addition to more muscular rules simply banning the most abusive practices, like the Oregon state Right to Repair bill, which bans the "parts pairing" that makes repairing a Fisker car so onerous:
Failing to take action on these abusive practices is dangerous – and not just to the people who get burned by them. Every time a genomics research project turns into a privacy nightmare, that salts the earth for future medical research, making it much harder to conduct population-scale research, which can be carried out in privacy-preserving ways, and which pays huge scientific dividends that we all benefit from:
If people are convinced that new, climate-friendly tech is a cesspool of grift and extraction, it will punish those firms that are making routine, breathtaking, exciting (and extremely vital) breakthroughs:
The enshittification of garage-door openers reveals a vast and deadly rot
How could this happen? Owners of Chamberlain MyQ automatic garage door openers just woke up to discover that the company had confiscated valuable features overnight, and that there was nothing they could do about it.
Oh, we know what happened, technically speaking. Chamberlain shut off the API for its garage-door openers, which breaks their integration with home automation systems like Home Assistant. The company even announced that it was doing this, calling the integration an "unauthorized usage" of its products, though the "unauthorized" parties in this case are the people who own Chamberlain products:
We even know why Chamberlain did this. As Ars Technica's Ron Amadeo points out, shutting off the API is a way for Chamberlain to force its customers to use its ad-beshitted, worst-of-breed app, so that it can make a few pennies by nonconsensually monetizing its customers' eyeballs:
But how did this happen? How did a giant company like Chamberlain come to this enshittening juncture, in which it felt empowered to sabotage the products it had already sold to its customers? How can this be legal? How can it be good for business? How can the people who made this decision even look themselves in the mirror?
To answer these questions, we must first consider the forces that discipline companies, acting against the impulse to enshittify their products and services. There are four constraints on corporate conduct:
I. Competition. The fear of losing your business to a rival can stay even the most sociopathic corporate executive's hand.
II. Regulation. The fear of being fined, criminally sanctioned, or banned from doing business can check the greediest of leaders.
III. Capability. Corporate executives can dream up all kinds of awful ways to shift value from your side of the ledger to their own, but they can only do the things that are technically feasible.
IV. Self-help. The possibility of customers modifying, reconfiguring or altering their products to restore lost functionality or neutralize antifeatures carries an implied threat to vendors. If a printer company's anti-generic-ink measures drive a customer to jailbreak their printers, the original manufacturer's connection to that customer is permanently severed, as the customer creates a durable digital connection to a rival.
When companies act in obnoxious, dishonest, shitty ways, they aren't merely yielding to temptation – they are evading these disciplining forces. Thus, the Great Enshittening we are living through doesn't reflect an increase in the wickedness of corporate leadership. Rather, it represents a moment in which each of these disciplining factors has been gutted by specific policies.
This is good news, actually. We used to put down rat poison and we didn't have a rat problem. Then we stopped putting down rat poison and rats are eating us alive. That's not a nice feeling, but at least we know one way of addressing it – we can start putting down poison again. That is, we can start enforcing the rules that we stopped enforcing, in living memory. Having a terrible problem is no fun, but the best kind of terrible problem to have is one that you know a solution to.
As it happens, Chamberlain is a neat microcosm for all the bad policy choices that created the Era of Enshittification. Let's go through them:
Competition: Chamberlain doesn't have to worry about competition, because it is owned by a private equity fund that "rolled up" all of Chamberlain's major competitors into a single, giant firm. Most garage-door opener brands are actually Chamberlain, including "LiftMaster, Chamberlain, Merlin, and Grifco":
When companies buy each other, they are subject to "merger scrutiny," a set of guidelines that the FTC and DoJ Antitrust Division use to determine whether the outcome is likely to be bad for competition. These rules have been pretty lax since the Reagan administration, but they're currently being revised to make them substantially more strict:
One of the blind spots in these merger guidelines is an exemption for mergers valued at less than $101m. Under the Hart-Scott-Rodino Act, these fly under the radar, evading merger scrutiny. That means that canny PE companies can roll up dozens and dozens of standalone businesses, like funeral homes, hospital beds, magic mushrooms, youth addiction treatment centers, mobile home parks, nursing homes, physicians’ practices, local newspapers, or e-commerce sellers:
By titrating the purchase prices, PE companies – like Blackstone, owners of Chamberlain and all the other garage-door makers – can acquire a monopoly without ever raising a regulatory red flag.
But antitrust enforcers aren't helpless. Under (the long dormant) Section 7 of the Clayton Act, competition regulators can block mergers that lead to "incipient monopolization." The incipiency standard prevented monopolies from forming from 1914, when the Clayton Act passed, until the Reagan administration. We used to put down rat poison, and we didn't have rats. We stopped, and rats are gnawing our faces off. We still know where the rat poison is – maybe we should start putting it down again.
On to regulation. How is it possible for Chamberlain to sell you a garage-door opener that has an API and works with your chosen home automation system, and then unilaterally confiscate that valuable feature? Shouldn't regulation protect you from this kind of ripoff?
It should, but it doesn't. Instead, we have a bunch of regulations that protect Chamberlain from you. Think of binding arbitration, which allows Chamberlain to force you to click through an "agreement" that takes away your right to sue them or join a class-action suit:
But regulation could protect you from Chamberlain. Section 5 of the Federal Trade Commission Act allows the FTC to ban any "unfair and deceptive" conduct. This law has been on the books since 1914, but Section 5 has been dormant, forgotten and unused, for decades. The FTC's new dynamo chair, Lina Khan, has revived it, and is using it like a can-opener to free Americans who've been trapped by abusive conduct:
Khan's used Section 5 powers to challenge privacy invasions, noncompete clauses, and other corporate abuses – the bait-and-switch tactics of Chamberlain are ripe for a Section 5 case. If you buy a gadget because it has five features and then the vendor takes two of them away, they are clearly engaged in "unfair and deceptive" conduct.
On to capability. Since time immemorial, corporate leaders have fetishized "flexibility" in their business arrangements – like the ability to do "dynamic pricing" that changes how much you pay for something based on their guess about how much you are willing to pay. But this impulse to play shell games runs up against the hard limits of physical reality: grocers just can't send an army of rollerskated teenagers around the store to reprice everything as soon as a wealthy or desperate-looking customer comes through the door. They're stuck with crude tactics like doubling the price of a flight that doesn't include a Saturday stay as a way of gouging business travelers on an expense account.
With any shell-game, the quickness of the hand deceives the eye. Corporate crooks armed with computers aren't smarter or more wicked than their analog forebears, but they are faster. Digital tools allow companies to alter the "business logic" of their services from instant to instant, in highly automated ways:
https://pluralistic.net/2023/02/19/twiddler/
The monopoly coalition has successfully argued that this endless "twiddling" should not be constrained by privacy, labor or consumer protection law. Without these constraints, corporate twiddlers can engage in all kinds of ripoffs, like wage theft and algorithmic wage discrimination:
Twiddling is key to the Darth Vader MBA ("I am altering the deal. Pray I don't alter it further"), in which features are confiscated from moment to moment, without warning or recourse:
There's no reason to accept the premise that violating your privacy, labor rights or consumer rights with a computer is so different from analog ripoffs that existing laws don't apply. The unconstrained twiddling of digital ripoff artists is a plague on billions of people's lives, and any enforcer who sticks up for our rights will have an army of supporters behind them.
Finally, there's the fear of self-help measures. All the digital flexibility that tech companies use to take value away can be used to take it back, too. The whole modern history of digital computers is the history of "adversarial interoperability," in which the sleazy antifeatures of established companies are banished through reverse-engineering, scraping, bots and other forms of technological guerrilla warfare:
Adversarial interoperability represents a serious threat to established business. If you're a printer company gouging on toner, your customers might defect to a rival that jailbreaks your security measures. That's what happened to Lexmark, who lost a case against the toner-refilling company Static Controls, which went on to buy Lexmark:
Sure, your customers are busy and inattentive and you can degrade the quality of your product a lot before they start looking for ways out. But once they cross that threshold, you can lose them forever. That's what happened to Microsoft: the company made the tactical decision to produce a substandard version of Office for the Mac in a drive to get Mac users to switch to Windows. Instead, Apple made iWork (Pages, Numbers and Keynote), which could read and write every Office file, and Mac users threw away Office, the only Microsoft product they owned, permanently severing their relationship to the company:
Today, companies can operate without worrying about this kind of self-help measure. There's a whole slew of IP rights that Chamberlain can enforce against you if you try to fix your garage-door opener yourself, or look to a competitor to sell you a product that restores the feature they took away:
https://locusmag.com/2020/09/cory-doctorow-ip/
Jailbreaking your Chamberlain gadget in order to make it answer to a rival's app involves bypassing a digital lock. Trafficking in a tool to break a digital lock is a felony under Section 1201 of the Digital Millennium Copyright Act, carrying a five-year prison sentence and a $500,000 fine.
In other words, it's not just that tech isn't regulated, allowing for endless twiddling against your privacy, consumer rights and labor rights. It's that tech is badly regulated, to permit unlimited twiddling by tech companies to take away your rights and to prohibit any twiddling by you to take them back. The US government thumbs the scales against you, creating a regime that Jay Freeman aptly dubbed "felony contempt of business model":
All kinds of companies have availed themselves of this government-backed superpower. There's DRM – digital locks, covered by DMCA 1201 – in powered wheelchairs:
That's how we arrived at this juncture, where a company like Chamberlain can break functionality its customers value highly, solely to eke out a minuscule new line of revenue by selling ads on their own app.
Chamberlain bought all its competitors.
Chamberlain operates in a regulatory environment that is extremely tolerant of unfair and deceptive practices. Worse: they can unilaterally take away your right to sue them, which means that if regulators don't bestir themselves to police Chamberlain, you are shit out of luck.
Chamberlain has endless flexibility to unilaterally alter its products' functionality, in fine-grained ways, even after you've purchased them.
Chamberlain can sue you if you try to exercise some of that same flexibility to protect yourself from their bad practices.
Combine all four of those factors, and of course Chamberlain is going to enshittify its products. Every company has had that one weaselly asshole at the product-planning table who suggests a petty grift like breaking every one of the company's customers' property to sell a few ads. But historically, the weasel lost the argument to others, who argued that making every existing customer furious would affect the company's bottom line, costing it sales and/or fines, and prompting customers to permanently sever their relationship with the company by seeking out and installing alternative software. Take away all the constraints on a corporation's worst impulses, and this kind of conduct is inevitable:
This isn't limited to Chamberlain. Without the discipline of competition, regulation, self-help measures or technological limitations, every industry is undergoing wholesale enshittification. It's not a coincidence that Chamberlain's grift involves a push to move users into its app. Because apps can't be reverse-engineered and modified without risking DMCA 1201 prosecution, forcing a user into an app is a tidy and reliable way to take away that user's rights.
Think about ad-blocking. One in four web users has installed an ad-blocker ("the biggest boycott in world history" -Doc Searls). Zero app users have installed app-blockers, because they don't exist, because making one is a felony. An app is just a web-page wrapped in enough IP to make it a crime to defend yourself against corporate predation:
The temptation to enshittify isn't new, but the ability to do so without consequence is a modern phenomenon, the intersection of weak policy enforcement and powerful technology. Your car is autoenshittified, a rolling rent-seeking platform that spies on you and price-gouges you:
Cars are in an uncontrolled skid over Enshittification Cliff. Honda, Toyota, VW and GM all sell cars with infotainment systems that harvest your connected phone's text-messages and send them to the corporation for data-mining. What's more, a judge in Washington state just ruled that this is legal:
While there's no excuse for this kind of sleazy conduct, we can reasonably anticipate that if our courts would punish companies for engaging in it, they might be able to resist the temptation. No wonder Mozilla's latest Privacy Not Included research report called cars "the worst product category we have ever reviewed":
But the OG digital companies are the masters of enshittification. Microsoft has been at this game for longer than anyone, and every day brings a fresh way that Microsoft has worsened its products without fear of consequence. The latest? You can't delete your OneDrive account until you provide an acceptable explanation for your disloyalty:
It's tempting to think that the cruelty is the point, but it isn't. It's almost never the point. The point is power and money. Unscrupulous businesses have found ways to make money by making their products worse since the industrial revolution. Here's Jules Dupuit, writing about 19th century French railroads:
It is not because of the few thousand francs which would have to be spent to put a roof over the third-class carriages or to upholster the third-class seats that some company or other has open carriages with wooden benches. What the company is trying to do is to prevent the passengers who can pay the second class fare from traveling third class; it hits the poor, not because it wants to hurt them, but to frighten the rich. And it is again for the same reason that the companies, having proved almost cruel to the third-class passengers and mean to the second-class ones, become lavish in dealing with first-class passengers. Having refused the poor what is necessary, they give the rich what is superfluous.
But as bad as all this is, let me remind you about the good part: we know how to stop companies from enshittifying their products. We know what disciplines their conduct: competition, regulation, capability and self-help measures. Yes, rats are gnawing our eyeballs, but we know which rat-poison to use, and where to put it to control those rats.
Competition, regulation, constraint and self-help measures all backstop one another, and while one or a few can make a difference, they are most powerful when they're all mobilized in concert. Think of the failure of the EU's landmark privacy law, the GDPR. While the GDPR proved very effective against bottom-feeding smaller ad-tech companies, the worst offenders, Meta and Google, have thumbed their noses at it.
This was enabled in part by the companies' flying an Irish flag of convenience, maintaining the pretense that they have to be regulated in a notorious corporate crime-haven:
That let them get away with all kinds of shenanigans, like ignoring the GDPR's requirement that you should be able to easily opt out of data-collection without having to go through cumbersome "cookie consent" dialogs or losing access to the service as punishment for declining to be tracked.
As the noose has tightened around these surveillance giants, they're continuing to play games. Meta now says that the only way to opt out of data-collection in the EU is to pay for the service:
This is facially illegal under the GDPR. Not only are they prohibited from punishing you for opting out of collection, but the whole scheme ignores the nature of private data collection. If Facebook collects the fact that you and I are friends, but I never opted into data-collection, they have violated the GDPR, even if you were coerced into granting consent:
The GDPR has been around since 2016 and Google and Meta are still invading 500 million Europeans' privacy. This latest delaying tactic could add years to their crime-spree before they are brought to justice.
But most of this surveillance is only possible because so much of how you interact with Google and Meta is via an app, and an app is just a web-page that's a felony to make an ad-blocker for. If the EU were to legalize breaking DRM – repealing Article 6 of the 2001 Copyright Directive – then we wouldn't have to wait for the European Commission to finally wrestle these two giant companies to the ground. Instead, EU companies could make alternative clients for all of Google and Meta's services that don't spy on you, without suffering the fate of OG App, which tried this last winter and was shut down by "felony contempt of business model":
Enshittification is demoralizing. To quote @wilwheaton, every update to the services we use inspires "dread of 'How will this complicate things as I try to maintain privacy and sanity in a world that demands I have this thing to operate?'"
But there are huge natural constituencies for the four disciplining forces that keep enshittification at bay.
Remember, Antitrust's Twilight Zone doesn't just allow rollups of garage-door opener companies – it's also poison for funeral homes, hospital beds, magic mushrooms, youth addiction treatment centers, mobile home parks, nursing homes, physicians’ practices, local newspapers, or e-commerce sellers.
The Binding Arbitration scam that stops Chamberlain customers from suing the company also stops Uber drivers from suing over stolen wages, Turbotax customers from suing over fraud, and many other victims of corporate crime from getting a day in court.
The failure to constrain twiddling to protect privacy, labor rights and consumer rights enables a host of abuses, from stalking, doxing and SWATting to wage theft and price gouging:
And Felony Contempt of Business Model is used to screw you over every time you refill your printer, run your dishwasher, or get your iPhone's screen replaced.
The actions needed to halt and reverse this enshittification are well understood, and the partisans for taking those actions are too numerous to count. It's taken a long time for all those individuals suffering under corporate abuses to crystallize into a movement, but at long last, it's happening.
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
On September 12 at 7pm, I'll be at Toronto's Another Story Bookshop with my new book The Internet Con: How to Seize the Means of Computation.
On September 14, I'm hosting the EFF Awards in San Francisco.
I usually write this blog 5-6 days/week, but every now and again, I take a break, and when I do, I get massive link backlogs of stuff I want to write about, but lack the time to address in depth. When that happens, I turn my Saturday edition into a linkdump. Today, I present the sixth in the series – here's the other five:
https://pluralistic.net/tag/linkdump/
Why was I offline and away from my blog? I went to the dirt rave. Yes, I was one of the 70,000+ people stuck in the mud at this year's Burning Man, and when I emailed my editor at the New York Times to say I might be late on the op-ed I was working on, she asked me to write about what this year's mud crisis meant:
Bad weather is normal at Burning Man (it's a feature, not a bug);
Mostly burners leapt to the occasion, which is what people almost always do in disaster situations;
This is the second Burning Man heavy weather year in a row;
The climate emergency is tipping the Black Rock Desert from "extremely challenging" to "impossible";
This isn't the last event, place and tradition that will have to be radically reconsidered in light of the climate emergency.
But now I'm home, in my hammock, with all the laundry done – just in time to leave again. I'm about to head back to my hometown of Toronto for a book launch. The Internet Con, my latest nonfiction (from Verso Books) came out last week, and I'll be appearing at Another Story Bookshop on Tuesday:
https://anotherstory.ca/events/29283
Internet Con is a "Big Tech disassembly manual." It explains how Big Tech got so big (lax anti-monopoly enforcement, which led to regulatory capture, which let Big Tech abuse our privacy, labor rights, and consumer rights), and how we can use interoperability so it's no longer Too Big to Fail, nor Too Big to Jail:
You can read a long excerpt from the book in Wired, which lays out some of the shovel-ready legislative, regulatory and technical proposals that are the book's main purpose:
That comes from the audiobook, a DRM-free, independent edition that I financed, produced and narrated myself. You can get the audiobook everywhere except Audible, Apple Books, and Audiobooks.com, all of which have mandatory DRM policies. You can also get it direct from me:
If you'd like a signed copy, there's stock at Book Soup:
https://www.booksoup.com/book/9781804291245
Now, it was inevitable that I would do a book event for Internet Con in Toronto – I've never had a bad event there, and I love my hometown – but the timing of this event was driven by a non-book-related factor. Talking Heads is appearing together at TIFF, to support the re-release of Stop Making Sense, the greatest concert film in human history:
https://pluralistic.net/StopMakingSense
People often ask me what my favorite book is, and I always tell them that you should never trust people who have one favorite book, as it inevitably turns out to be The Bible, The Fountainhead, or Mein Kampf. But while I don't have a favorite book, I have a clear and unambiguous favorite band.
If I was forced to listen to no music other than Talking Heads for the rest of my life, I would be perfectly happy. Ecstatic, even. Throw in David Byrne, Tom Tom Club and Casual Gods and I probably wouldn't even notice anything missing.
There's a running joke among my Burning Man campmates that whenever I'm in charge of the music, I'm just shuffling Talking Heads rarities, and whenever someone puts on anything else, I demand to know which Talking Heads album it came from. Which is all to say: I have tickets for the Talking Heads event at TIFF and I could *not be more excited.*
Continuing on the Canadian theme, one of the annual highlights of Canadian media is the Massey Lectures, a series of public lectures given around the country and rebroadcast on CBC. These are always great, but recent years have been superb – Ron Deibert's 2020 series was unmissable:
This year's Masseys are shaping up to be the GOAT. They're presented by Astra Taylor, an activist rock-and-roller turned documentary filmmaker who is one of the founders of the Debt Collective, fighting for student debt cancellation. Everything Astra does is amazing and her profile on CBC Ideas gives some background on the role that unschooling played in making her the powerful activist she is today:
There's no question that things are messed up right now, but Astra and people like her shine out like beacons of hope. 17 years ago, self-described "democracy nut" Tom Stites gave one of the seminal lectures on the role news media play in democracy:
17 years later – and from his perch as editor at the essential International Consortium of Investigative Journalists – Stites presents us a long-overdue, extremely pertinent followup: "Building Civic Energy is the Goal, Not Saving Old News Business Models":
Stites's intervention is extremely timely, because policymakers all over the world have made the mistake of thinking that Big Tech is stealing the news media's content, which is absolutely untrue. It is good, actually, to index news stories and let people discuss, quote from and link to news stories. News you're not allowed to talk about isn't news, it's a secret.
But Big Tech is stealing from news. They're not stealing content – they're stealing money. The Google/Apple duopoly rakes 30% off every subscription payment collected in an app. The Google/Meta duopoly rakes 51% out of every ad-dollar (and maintains that death-grip through creepy, privacy-invading surveillance ads). Meta and Twitter hold social media subscribers hostage, forcing publishers to pay to reach their own subscribers.
We don't want the news to be Big Tech's partners – we need them to be Big Tech's watchdogs. "Link taxes" and other profit-sharing arrangements between the media and tech cut against the civic energy Stites wants to build.
(You can read more about this – along with policy prescriptions for halting Big Tech's rent-extraction from the news – in "Saving the News From Big Tech," my EFF white-paper:)
If your spirits are lifted by stories of principled activists achieving important – and improbable – victories, you could do worse than to attend the EFF Awards in San Francisco on Sept 14 (I'm the emcee). This year, we're honoring Alexandra Elbakyan for her founding of Sci-Hub, the Library Freedom Project and the Signal Foundation:
https://www.eff.org/awards/effawards/2023
In more activist news: Mozilla produced a startling and astoundingly good – if demoralizing – report on the state of digital privacy and security in the automotive sector:
Entitled, "It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy," the report reveals just how absolutely terrible the automotive sector is when it comes to privacy practices, collecting (and selling) (and giving away) information about your sex life, your genealogy, your genetic characteristics, and your smell (no, seriously).
Their recommendations for which new car you should buy boil down to "don't buy a new car." I have been urging consumer research groups to release a report like this for a decade. There are whole categories of gadgets – like, say, "smart speakers" – that are unsafe at any speed. At a certain point, reviewers need to have the guts to say that every manufacturer in an entire sector is a dumpster fire and they should all be dragged in front of a firing squad – or at least a Congressional committee.
Cars, after all, are nightmares of privacy invasion and rent-extraction, the source of autoenshittification on a massive scale, a mobile form of technofeudalism:
The fact that cars score so badly on privacy is especially ironic given the campaign Big Car waged against the 2020 Massachusetts Right to Repair ballot initiative, in which car manufacturers held themselves out as the defenders of driver privacy from unscrupulous third parties who couldn't be trusted to handle the vast troves of data your car collects with every hour that God sends:
This is a familiar refrain: monopolists often claim that any check on their absolute authority over their users will expose those users to privacy risks. Apple has run a global ad-campaign claiming this, and while Apple does prevent Facebook from spying on iPhone owners, they also secretly spy on those customers in exactly the same way that Facebook used to, and lie about it:
It turns out that giant companies just aren't good proxies for their customers' interests, and that the power they amass through monopolization shouldn't be counted on as a source of user safety. Monopolists won't reliably defend user privacy – that job belongs to democratically accountable regulators. That's an argument I developed in detail with Bennett Cyphers in our EFF white-paper "Privacy Without Monopoly":
That is, rather than getting privacy by "voting with your wallet," you need to get it by voting with your ballot. "The market" is an election that you vote in with dollars, which means that the people with the most dollars always win. When there are zero cars on the market that are safe to drive, you can't vote with your wallet by buying a good one.
On a related subject, the DOJ Antitrust Division has brought the most important tech anti-monopoly case of the century, charging Google with monopolizing search:
Part of the DOJ case turns on the fact that Google goes to extraordinary lengths to keep you from ever trying another search engine, paying out more than $45 billion every year to be the default search on every device, program and service you might use. In other words, Google spends an entire Twitter's worth of dollars every year, lighting it on fire to keep you from finding out about rivals.
Google argues that this is fine, actually, because these are only defaults, and users can dig through their settings to change their search engine. Sure, Google – and the first 20 search results you serve are only defaults, and it wouldn't matter if you were ordered to put them ten screens down, because users could always scroll to see them.
But search defaults aren't the only way that Google locks in searchers – and then harms us by invading our privacy. Google's ubiquitous Chrome browser ties Google's search to Google's invasive, nonconsensual, total surveillance. Chrome turned 15 this year and Google made a huge PR splash out of the anniversary:
But all that puffery conspicuously failed to mention that Google had quietly rolled out its long-discredited, new surveillance technology, FLOC, which it pretended to kill in 2021:
FLOC is back, rebranded as the Topics API: this is a system for spying on you so advertisers can target you. Google is spinning this as a privacy improvement because it might someday replace "third party cookies," one of the creepiest web surveillance systems.
But as Ron Amadeo writes for Ars Technica, Chrome is the last major browser to support third party cookies – both Safari and Firefox block them by default. So Google is basically saying, "We are going to improve your privacy by changing how we spy on you, even though all our competitors don't do this kind of spying at all":
This kind of gaslighting, where Google pisses in all our mouths and tells us it's raining, is the hallmark of a decrepit, arrogant, crapulent monopolist that needs to be shattered in the courts. Kudos to the DoJ for doing the people's business here – and kudos to DoJ antitrust boss Jonathan Kanter for promising that he will not go into corporate law when he finishes his stint in government.
The DoJ isn't the only public agency that's serving the American people. The FCC just announced proceedings to force cybersecurity labels for "smart" devices:
This is long overdue, and it's a welcome action from the FCC, which was hamstrung for years because cowardly Democratic senators joined with homophobic, libelous Republicans in blocking confirmation hearings for the amazing Gigi Sohn:
After years of abuse, Sohn bowed out. Now, Anna Gomez has been confirmed to fill that fifth FCC chair, turning the FCC into a fully operational battle station:
The fact that there's all this great stuff going on in the administrative branch is easy to lose sight of amidst the circus of federal electoral politics, in which Donald Trump has retained his role as ringmaster and chief distractor.
Thankfully, we have expert Pantsless Emperor skewerers like Ruben Bolling around – his latest Tom the Dancing Bug revives his brilliant Calvin and Hobbes-inspired Trump gag:
Well, that's me signing off for the weekend – I've got to pack for my flight to Toronto. If you're looking for more weekend fun, check out the trailer for Fractured Veil, the video game my old pal Chris DiBona has been working on for seven years and which is heading for Steam early access next month:
https://www.youtube.com/watch?v=NjNd3QQnENU
Just watch it. I mean. Wow.