Leaving Las Birdas

[NB: check the byline, thanks. /~Rayne]

Marcy asked Sunday about a checklist of actions:

It’d be useful for someone to put together a checklist for journalists to prepare for the inevitable banning: download archive, delete DMs and phone number, update Masto follows… What else?

I started drafting one but as I was doing so, Elmo was changing the rules. I had to toss some parts, rewrite others, do more research than I expected all because Elmo decided he was going to ban a journalist permanently (WaPo’s Taylor Lorenz) and ban all references to certain other social media platforms.

And then Musk did a 180-degree turn and deleted a bunch of the new rules late Sunday evening.

A flood of new users over the weekend combined with increased posting volume flooded Mastodon servers again, making everything a bit slow. It will speed up again once everything settles down into a new stasis.

Anyhow, here’s the list journalists probably could have used already.

1) Get your Archive — Do not pass go, do not collect $200 until you have requested an archive of your Twitter history which includes all your tweets, retweets, quote tweets, media, more.

— Select Settings and privacy.
— Choose Your account.
— Select Download an archive of your data.
— Confirm your password, then select Request archive.
— Watch for notice in your Settings within the next 2-5 days that your archive is ready to download. Don’t count on an email notification as those appear to be spotty.

This archive will not be readily readable to folks who don’t code, but there are tools to format it into readable structure.

2) Obtain 2FA backup passcodes — you need a way to access your account if Twitter’s 2FA service crashes. It has in Ukraine and India and spottily in the US since November 1.

Once you have your 2FA backup passcodes, make sure you have 2FA set up on your account. Next step will help a lot with 2FA.

3) Remove your phone number from your Twitter account. Lifehacker published a how-to. If you must keep a phone number attached, consider either switching it to a dedicated cheap burner or leave the existing number but get a new number wholly separate from Twitter for everything else.

Unauthorized use and sale of phone numbers may violate the FTC’s consent decree, but Musk has already proven repeatedly he doesn’t care what the FTC’s consent decree says, having violated it multiple times since taking control of Twitter. Don’t assume regulation can restrain him or that regulatory bodies in the U.S. or EU can act before the damage is done.

4) Leave contact information as to where else you can be found.

Musk is now suspending accounts for sharing Mastodon, Facebook, Instagram, Post, Tribel, TruthSocial, Nostr addresses and links. To ensure readers can still obtain addresses at these platforms, try these alternatives:

— There are three open source link shorteners available which can mask an underlying link. See https://opensource.com/article/17/3/url-link-shortener for information about Lessn More, Polr, and Yourls; or

— Use Glitch.com to cite all your social media addresses and identities in one link. You can ‘hide’ your Mastodon address in it and use the URL on your Twitter profile;

— Another approach is to collect your identities and put them in an image file and add it to a pinned tweet (do not include any text referring to the image’s content). So far I haven’t seen any indication Twitter is using OCR to detect ‘forbidden’ addresses except perhaps in profile header images;

— If you already have a blog, you can draft a post or a page with all your contact information in it and link to that page/post. (I’ve done this, it’s very easy.)

5) Delete your Direct Messages (DMs) — this may take some time if you haven’t had a practice of deleting them as you go along. In the future use Signal for private messages with auto-deletion so you don’t have this albatross to deal with if you need to leave another social media platform.

Protect your sources and ask them to make sure they’ve deleted on their end as well.

6) Delete your Tweets — this is not a necessity and may actually cause problems if others have relied on your tweets in their reporting. Unlike DMs, tweets are assigned a unique URL; deleting one can create a 404 error for anyone who cited one of your tweets. Think long and hard about doing this.

It may be difficult to delete more than your last 3200 tweets. I couldn’t; the service I used choked on the copy of my archive for one of my accounts. So I left it as it was.

If you have sensitive tweets which could end up deleted by Twitter’s current or future regime, consider archiving them in the Wayback Machine at the Internet Archive.

7) Pull a list of follows/followers if you’re headed to Mastodon — technically speaking, this information is in your archive copy but without the right tool it can be difficult for the non-coder to read. Use tools like Fedifinder or Twitodon to pull a list of follows/followers identifying those who’ve migrated to Mastodon already. Log into your Mastodon account and follow the emigres as desired.

8) Nuclear Options: a) Lock your account, or b) Deactivate/Delete your account.

a) Locking your account means it is only visible to your existing followers at the time it is locked. You won’t get spammed/trolled by non-following accounts while you’re locked. Other accounts may try to follow you but you’ll have to approve them and at this point most may be spammers or troll/bot accounts not worth your time to screen let alone approve.

b) Deactivating/Deleting your account will freeze your username for 30 days but after that the username is available for use by another new user. I do NOT recommend this; if your name is your brand, you don’t want someone misusing it. Just make sure the account is secured by 2FA and walk away.

Between my two accounts I have less than 3000 followers and I’d informed them the account was going on hiatus and left info on how to find me. I locked my accounts and haven’t logged back in.

9) Prep your other social media/future social media home — I’m not going to assume journalists are headed to Mastodon though many are. Some media figures are heading elsewhere.

— Make sure to update your other/new media accounts with new addresses as appropriate;

— Make sure you’ve activated 2FA or MFA secured logins on your other/new accounts;

— If you’re leaving Twitter, remove buttons and links from your social media accounts and — blog/website which take readers to your Twitter account;

— Share a post as soon as possible on your alternate platform(s) advising your status, and then make sure to sustain some level of consistency in posting there to develop audience.

10-a) If you are moving to Mastodon — find the circulating lists of journalists who’ve opened a Mastodon account. Follow your peeps from that list, have yourself added to that list.

an ongoing Google Doc of journalists prepared by Tim Chambers, administrator of indie.social (@[email protected]):

https://docs.google.com/spreadsheets/d/13No4yxY-oFrN8PigC2jBWXreFCHWwVRTftwP6HcREtA/htmlview

The list is at least 1280 entries long. When clicking through the link above, note the link at the top to a form to collect new entry’s personal information.

an ongoing active list of verified journalists prepared by Dave Lee of the Financial Times (@[email protected]):

https://www.presscheck.org/

Caveat: Dave is swamped, there’s a backlog of requests by new accounts.

10-b) If you are moving to Mastodon — you have a lot to learn in a short period of time; make sure you understand how Mastodon’s culture differs from Twitter’s, and how the lack of algorithms and nominal analytics may change your mode of operation.

— YouTube video introduction by Jeff Jarvis (@[email protected]), journalism prof at CUNY Newmark School:

https://www.youtube.com/watch?v=Xnbct41Sxnk

— Introduction to Mastodon at Washington Post:

A guide to getting started with Twitter alternative Mastodon (gift link)

There was another intro at Wall Street Journal this weekend as well — which says something interesting, doesn’t it? I don’t have a link to it, though, as I don’t have a subscription.

~ ~ ~

Now, a note about reporting on Elmo and Twitter going forward: ARCHIVE TWEETS BEFORE REPORTING ABOUT THEM. Make this an automatic practice.

I’ve run in to a number of situations where journalists have posted in Mastodon about Twitter rules and Elmo’s tweets, sharing links to the Twitter-based content. Because I refuse to give Twitter traffic I copy the URL of the tweet and check the Internet Archive first for an archived copy instead.

I can’t tell you how many times the shared tweet url had NOT been archived, even this Sunday during the height of Musk-ian confusion about the new rule regarding mentions of social media competitors.

Do not trust Elmo not to delete content whether tweets or administrative content under Help, Twitter Support, or other Twitter organization account. Take a screenshot, document the hell out of it. Add any links to the Wayback Machine at the Internet Archive.

Polititweet had been archiving Musk’s tweets including tracking those deleted, but I can’t be certain it’s up to date.

Just don’t trust him or the business he runs because it’s not the Twitter you once knew.

~ ~ ~

Go. Remember you’re supposed to afflict the comfortable and comfort the afflicted. Do it from a better place than the circus Twitter has become.

Held Hostage by the Barmy Bird

[NB: check the byline, thanks. /~Rayne]

Of all the journalists suspended by Elmo on the bird site, I was bothered most by that of Voice of America’s Steve Herman.

I mentioned before he’s a straight news kind of guy. I’d followed his account at Twitter so far back I can’t remember which of us had a Twitter account first. He was one of the few early Twitter sources I could rely on for news about earthquakes in Japan. His coverage of the Fukushima nuclear power plant in 2011 was invaluable.

But the most important factor about Herman’s suspension is that he is a U.S. government employee.

Herman works for us. He’s paid with our tax dollars.

And a single foreign-born billionaire offering weak excuses after the fact had OUR public employee suspended for doing their job.

Once again, I’ll point out that Elmo was exercising his own free speech rights by suspending journalists on the social media platform he owns.

Popehat said it better, of course:

Remember: Twitter is Elon’s company, he has the free speech and free association right to run it pretty much however he wants and to ban people for petty narcissistic reasons.

And we have the right to laugh and point at his ridiculousness and at the free-speech pretenses of his gullible fans.

But even Popehat said that on Mastodon.

Elmo may be within his rights to capriciously decide to suspend journalists, but in suspending VOA’s Herman it became crystal clear that the U.S. government should not allow its resources to be subject to the whim of a single individual when the entire country relies on those resources.

Thankfully, Herman was already on Mastodon before the suspension and has been ramping up posting on that open platform since he launched his account.

But it’s who else is NOT on Mastodon which is now a problem.

Every member of Congress who has an account on Twitter is vulnerable to suspension.

Every U.S. government department and agency still on Twitter is likewise at risk.

Let’s say Musk becomes annoyed with the Federal Aviation Administration because of its regulations on airspace and planes, commercial and private. Could he suspend the FAA’s account?

Or perhaps Musk gets his pants in a knot about National Aeronautics and Space Administration because he and NASA don’t see eye to eye about a SpaceX-related matter. Could he suspend NASA accounts (there are multiple for this agency).

One might say, “Surely Musk wouldn’t be stupid/crazed enough to do that.”

Except he’s already suspended one employee of a U.S. government agency, and holding that person’s account hostage until content is deleted from that person’s account.

Elmo might have the right to do this, but the U.S. should not be held hostage by a pasty excessively-monied git with an unmanaged ego.

Look at this situation from another angle: this is ransomware denying service to a user until a specific deliverable has been provided.

In VOA’s case, Musk by way of Twitter Safety has demanded Herman delete a tweet before service will be resumed.

How should a government agency respond to demands for ransom like this, when an open platform is ready and waiting to provide alternative service?

There’s no good reason why each department and agency is still on Twitter but not on Mastodon, nor is there any good reason why each member of Congress doesn’t have an account on Mastodon.

None of the work government departments, agencies, and employees do should be impeded by the private sector let alone by a single butt-hurt billionaire.

Contact your members of Congress and tell them this needs to be fixed going into the next session of Congress. Each of them and their caucuses need to have a non-commercialized open social media platform account.

Congressional switchboard: (202) 224-3121 or use Resist.bot (which has a Mastodon account, by the way).

After the Deluge: What’s Next on Mastodon for Journalism? [UPDATE-2]

[NB: check the byline, thanks. Updates at the bottom of this post. /~Rayne]

After Thursday’s Musk-ian tantrum booting off more than eight journalists from Twitter, there was a stampede of new users opening accounts on the open social media platform Mastodon.

It bogged down performance considerably on the largest servers. My timelines lagged by nearly three hours at one point on mstdn.social. But that was Friday; there wasn’t a lot of urgent news. We could afford the lag.

Though service improved greatly over 24 hours later, servers may still be throttled a bit. They’ll likely be upgraded over the next week or two depending on the instance and if traffic continues to level out over the next 48 hours.

The lag will be more obvious than some of the corporate-owned commercial platforms, but we’ve all seen now what the price is for the responsiveness of commercial Big Tech.

Besides, we’ve been here before during early rapid growth of a platform.

We’ll get through this.

~ ~ ~

Now that journalists have finally been confronted by the reality their go-to social media platform is run by an erratic narcissist, it’s time to ask what’s next.

Some of the outlets employing these journalists are already turning a blind eye to what happened now that Musk has lifted the suspension on several journalists. The selective approach should be yet another signal to media outlets that there is no return to normal. The big name outlets like CNN, NYT, NBC saw the ban on their journalists lifted, but the smaller independent outlets and freelance journalists are still suspended.

Among them are the only woman of color who was banned (Linette Lopez) and a commentator who’s retired from political commentary (Keith Olbermann). Hello racism, misogyny, ageism, and not a single complaint from the big media outlets about this because they’re not affected (wow, if that doesn’t say something else).

Not only is the Musk-ian problem of throttled journalism continuing, it will happen again. It’s just a matter of time before some other issue arises which trips Musk’s hair trigger and a journalist or outlet will be suspended.

(While I was writing this piece, Washington Post’s Taylor Lorenz was suspended from Twitter without explanation. Her account also happens to be on the so-called antifa list circulated last month — surely just a coincidence, hmm?)

There’s purpose to this beyond an expression of Musk’s shallowness. It’s now a means to change the subject and redirect journalists’ attention — even away from some of the journalism being throttled.

What was it that Lopez reported which triggered Musk? Why isn’t that getting more attention?

And as I asked in my previous post, what really tripped the suspension of Matt Binder? Was it about Tesla’s performance?

This is among the what’s next actions: journalists and their employers need to stop getting played by Musk the same damned way they were played by another malignant narcissist who mastered undermining and marginalizing the media.

Stop navel gazing and start doing more and better reporting about Musk and his effect on free speech and press freedom.

Publish it on an open social media platform, which the narcissist’s platform isn’t.

Do that with all reporting.

~ ~ ~

Consultant Dan Hon has posted a few observations, assessments, and recommendations of media outlets’ next steps. He began writing about news organizations moving to open web platform Mastodon back in October just before Musk took ownership of Twitter, before journalists were banned:

— News outlets need a Mastodon instance;
— Instances should be associated with organization’s existing website URL to ease discovery while building on and enhancing brand;
— Instances should verify its journalists’ (and opinion columnists’) identities through the Mastodon instance;

Thursday’s journalists’ suspensions emphasize the importance of Hon’s recommendations. News media shouldn’t be held hostage by a single billionaire with an attitude, especially if these outlets don’t have financial relationship with that billionaire and his social media business.

It’s possible the big name media outlets whose journalists’ suspensions were lifted have or have had advertising purchases with Twitter which influenced Musk’s handling of the suspensions.

No outlet so far has copped to this though it’s certain some participate in Twitter’s video monetization program Amplify. We only know that some of the outlets begged for mercy *cough* asked for reconsideration of the suspensions.

The New York Times asked its reporters not get into confrontations with Musk in public view on Twitter.

In one case the news outlet has punished the journalist for their coverage of Musk. NBC dressed down Ben Collins and pulled him off coverage of Twitter for his tweets earlier in the month which were characterized as “not editorially appropriate.”

NBC’s behavior may have emboldened Musk.

Entities pleading with Musk like the American Foreign Service Association on behalf of VOA’s Steve Herman may only have fed Musk’s ego.

FreePress.net’s insistence Musk step aside as Twitter’s CEO is laughable given how much of his own wealth is invested in the business, not to mention Musk was exercising his own free speech rights suspending journalists.

None of these actions deal with the problem, which is that a media platform has been taken over by a billionaire fascist narcissist with no genuine interest in free speech and a free press.

Dealing with this effectively means building a better mousetrap which can’t be overtaken by a single person’s whims.

There have been some instances established on open platform Mastodon for some media outlets listed below:

— USA —
https://c.im/@ABC (bot)
https://c.im/@CNN (bot)
https://c.im/@NBC (bot)
https://journa.host/@onthemedia
https://journa.host/@[email protected]
https://mstdn.social/@RollingStone
https://newsie.social/@TheConversationUS
https://newsie.social/@themarkup
https://newsie.social/@Chalkbeat
https://newsie.social/@STAT
https://newsie.social/@ProPublica
https://newsie.social/@damemagazine
https://mastodon.world/@FAIR
https://mastodon.world/@foreignpolicy
https://mastodon.world/@theprospect
https://mastodon.social/@niemanlab
https://mastodon.social/@GovTrack

— US Local —
https://mastodon.social/@gbhnews
https://mastodon.social/@KCStar (bot)
https://texasobserver.social/@TexasObserver
https://newsie.social/@Chron
https://mastodon.tucsonsentinel.com/@TucsonSentinel
https://journa.host/@msfreepress
https://journa.host/@berkeleyscanner
https://sfba.social/sfchronicle
https://sfba.social/@sfgate
https://sfba.social/@sfstandard
https://sfba.social/@thevallejosun
https://verified.mastodonmedia.xyz/@theoregonian
https://mas.to/@sltrib

— Technology —
https://c.im/@Mashable (bot)
https://c.im/@Engadget (bot)
https://geeknews.chat/@arstechnica
https://mastodon.social/@macrumors
https://restof.social/@restofworld

— Sports —
https://c.im/@NBA (bot)
https://c.im/@NFL (bot)
https://c.im/@MLB (bot)
https://c.im/@NHL (bot)
https://c.im/@Soccer (bot)

— International —
https://botsin.space/@bbcworld (bot)(UK)
https://bylines.social/@BylinesNetwork (UK)
https://bylines.social/@BylinesScotland (Scot)
https://bylines.social/@BylinesCymru (Wales)
https://bylines.social/@YorksBylines (UK)
https://bylines.social/@NEBylines (UK)
https://bylines.social/@BylinesEast (UK)
https://bylines.social/@CentralBylines (UK)
https://bylines.social/@NWBylines (UK)
https://bylines.social/@KentBylines (UK)
https://bylines.social/@SussexBylines (UK)
https://bylines.social/@WEBylines (UK)
https://c.im/@BBC (bot)(UK)
https://c.im/@DW (bot)(German)
https://mastodon.social/@riffreporter (German)
https://mamot.fr/@lesjoursfr (France)
https://mamot.fr/@mdiplo (France)
https://piaille.fr/@Vert_le_media (France)
https://piaille.fr/@politis (France)
https://amicale.net/@lemondefr (bot)(France)
https://masto.ai/@linforme (France)
https://mastodon.social/@Reporterre (France)
https://mastodon.social/@Mediapart (France)
https://mastodon.social/@citizenlab (Canada)
https://mastodon.social/@rferl (International, Ukraine)

Note those marked (bot) — these may not have been established by the news organization but instead by some other entity whose identity is not clear. They are cross-posting news headlines from somewhere, possibly Twitter. Each (bot) is a failure; it may share the organization’s news articles faithfully, but the site isn’t verified and its posts will never answer any questions from readers. It’s a loss of control over IP and branding, at a minimum.

The real successes are those which set up their own instances, like the Texas Observer. Best in class is the Bylines Network which has not only established an instance but accounts for each of its local news subsidiaries. Ideally this is what news organizations like Gannett or McClatchy would do with their network of local papers.

Of course these are all news outlets which still focus on print; television news should take the same approach.

And all of the journalists who report for these entities should have verified accounts with their employers’ instance.

Not a single thin dime need be spent on Twitter Blue to achieve verification.

Every instance is an opportunity to develop a closer relationship with readers in ways Twitter couldn’t provide. Because Mastodon is RSS friendly, every one of the news outlets above can be followed with an RSS reader by simply adding .rss to each address and then adding the address to a preferred RSS reader.

~ ~ ~

Why haven’t or won’t media outlets migrate to an instance on open platform Mastodon? As Don Hon wrote, it’s a bunch of work! It needs maintenance not unlike a website, and it needs a level of creative thinking which Twitter/Facebook/Instagram haven’t required because they’ve been fairly stable for years. The open web and the Fediverse is terra nova for news organizations, and it will take some craftiness to develop an new media ecosystem with measures to determine success of any invested effort.

It’s also too tempting to look at another billionaire-funded closed platform like Post.news and assume from its polished finish that this might return media outlets to normalcy.

Sadly, no. Many users are turned off by what has been characterized as a hollow echo chamber effect with little community building.

There are still more opportunities but each has has major drawbacks. Hive.social has had a major security problem; Jimmy Wales’ WT.social in beta phase is based in the UK and subject to entirely different laws regulating speech and intellectual property; no one wants to go back to relying on Facebook or Instagram, and LinkedIn wasn’t designed for the kind of community usage Twitter has had.

I have yet to hear anyone express interest in Jack Dorsey’s BlueSky which is still in development.

At some point media outlets need to face reality, as UCLA Associate Professor of Information Studies Dr. Sarah T. Roberts explained:

As people are leaving Bird for good, I find that many are engaged in what I believe is a dangerous and misguided game of mixing apples and oranges. After what just happened, and all that it has revealed about reliance on for-profit corporate entities for interpersonal and community interaction, why advocate for another such environment? Substack is already known garbage, and Post provides no future-proofing. When I say, “seize the means of your social media production,” this is why.

Seize the means, indeed.

~ ~ ~

UPDATE-1 — 12:15 P.M. ET 18-DEC-2022 —

Community member Laura Hoey informed us The Oregonian (OregonLive.com) has a Mastodon account. I’ve added it to the list of local news outlets above.

It’s a particularly interesting addition because the host instance, https://verified.mastodonmedia.xyz, is a dedicated server for use by journalists or media personalities. The owner/operator is Matt Karolian, who describes himself as “Boston Globe by day, Mastodon Admin by night.”

If you know of a local news outlet which has a Mastodon account but isn’t on the list above, let me know in comments and I’ll add it as long as comments are open on this post. Thanks!

UPDATE-2 — 3:50 P.M. ET 18-DEC-2022 —

Another local news outlet added to the list, courtesy of community member Katrina Katrinka. See Salt Lake Tribune at https://mas.to/@sltrib.

If you are a newer user of Mastodon and find the site laggy, it’s because of a crush of new accounts and more posts. I’m trying to write yet another post which should address the reason for this influx.

Three Things: Twitter Death Watch in Progress

[NB: check the byline, thanks. /~Rayne]

This could be hyperbole but it’s difficult to imagine a social media platform the size of Twitter surviving nearly 90% loss of employees across the organization inside a three-week time frame.

I certainly wouldn’t bet any of my money on it.

~ 3 ~

Thursday was the deadline Twitter’s owner Elon Musk set for remaining Twitter employees to commit to being “hardcore” for Elmo.

They were supposed to have clicked/not clicked by 5:00 p.m. to take an offer of termination with severance.

Many are choosing to walk away, their goodbyes recorded in this ongoing thread (link active at time of posting but no guarantees how long it will stay up):

Kylie Robison for Fortune Magazine reported in a Twitter thread that as much as 88% of the staff Twitter had when Musk took over on October 27 has either been fired or opted to leave.

There were employees on vacation, on medical leave, and under H1-B visa who have questions which haven’t been answered; they will not have been able to make a fair election of hardcore for Elmo or nope, thanks.

The number of employees which may fall under this category could be about 1000.

At one point it was said Musk was negotiating with a handful of key engineers critical to keeping Twitter running.

Zoe Schiffer at Platformer reported at 6:52 p.m. ET badge access had been suspended and the Twitter office buildings closed.

Her tweets leave open the possibility some of the employees who opted to leave may yet be asked to remain.

I wouldn’t hold my breath after reading BusinessInsider’s Kali Hays.

How does a company operate without payroll?

If Twitter has virtually no information security personnel, likely has no documented plan in place for dealing with this scenario, let alone failures all along the way for handling roll out of the Twitter Blue verification system which was a mess of violations all on its own, Twitter could be hammered hard by the Federal Trade Commission for failing to meet the terms of the 2011 consent agreement.

I don’t think it’d be unreasonable to say FTC has grounds to shut Twitter down right now if no users’ or advertisers’ data is secure; the FTC has shut down businesses before. Taking any money from advertisers at this point let alone users for Twitter verification or Twitter Blue would shortchange them if they expected data security.

As Alex Stamos, Facebook’s former CISO notes in this Twitter thread, it’s not just the FTC with whom Musk and Twitter will be in trouble. Twitter’s former outside counsel Riana Pfefferkorn agrees there are big problems and has more to add.

And Elmo’s response to all of this is shitposting.

Not even his own shitposting; he stole the meme from another user.

With total staffing and capabilities up in the air, will Twitter survive into the World Cup which begins on this coming Sunday November 20?

I won’t even put money on that.

~ 2 ~

Marcy wrote recently about Elmo’s forced marriage. Looking at the timeline of events leading up to the closing of the Twitter acquisition, there was certainly something iffy in the way Elmo avoided a background check and due diligence when offered a seat on the board of directors in April, and in the way he hustled out of Delaware’s Chancery Court in October where discovery might have revealed all that wasn’t back in April.

@capitolhunters found some embarrassing information about Elmo which might explain his skittishness. It’s public record but unless one is determined to find it, it won’t surface readily.

Read the entire thread at the Internet Archive; I wouldn’t count on it being available at Twitter. It may have been shadow banned at one point earlier Thursday evening as I couldn’t pull it up.

Is it possible the lack of qualifications and credentials as well as his former status as an illegal immigrant are the reasons why Musk appeared to avoid a background check and due diligence?

Is this a compelling reason he should not have been able to purchase Twitter to begin with — because he could be compromised because of repeated misrepresentations about his background?

~ 1 ~

If you’re a regular Twitter user, you may wish to see something constructive done and soon. There are entire communities of people who can’t just switch to another platform because they’ve had small businesses built up around their Twitter presence. There are minority groups who have difficulty switching to different platforms; without Twitter they lose contact with others in their minority community.

One only need look at the mass shooting at University of Virginia last weekend and the confusion about verification on Twitter to realize how serious the loss of Twitter’s integrity as a utility is to much of the U.S. — and it’s not just the U.S.

I recommend checking @Celeste_pewter’s Twitter thread for action items including calling your senator.

(There’s a copy of her thread at the Internet Archive just in case the original one at Twitter becomes unavailable.)

~ 0 ~

I can’t help think of two things:

— Oil producing countries Saudi Arabia, Qatar, and UAE financed a considerable portion of Musk’s purchase of Twitter, with Prince al Waleed being the second largest investor. Did they do it for an investment, for access to a media space to promote their agenda, or because they saw a way to screw with one of the most popular electric car manufacturers by giving its compromised CEO the means to fuck himself?

— Text messages produced as part of discovery in Twitter’s lawsuit against Musk included messages between Musk and his ex-wife Talulah (Jane) Riley in which she begged him to buy Twitter and delete it because Twitter had banned conservative satire site Babylon Bee. Riley had discussed the banning with her close friend Raiyah Bint Al-Hussein, wife of British journalist Ned Donovan, and half-sister to King Abdullah II of Jordan. Why would a British actress like Riley be so upset about an American conservative website’s banning by a U.S. social media platform?

Three Things: The Early Bird Got Wormed

[NB: Check the byline, thanks. /~Rayne]

The self-ownage continues at Twitter. I don’t even know where to start because there’s just so much damage in the bird app’s debris field.

Let’s go with the problems closest to deaths.

~ ~ ~

The brilliant billionaire who overpaid for Twitter, who thought his Tesla engineers were qualified to determine staffing levels on software created over 16 years they didn’t write, had another brilliant idea.

He played Jenga with code within the platform because the application was too slow.

(I haven’t heard anyone complain about Twitter’s speed in ages, and when there’ve been complaints they’re usually in tandem with a major event flooding the network and system with user requests and tweets.)

Twitter’s speed hasn’t been a bottleneck to increasing users or profitability.

In the process of unplugging stuff to see if the platform would speed up, a worker who actually knew something about all the legacy code criticized Musk’s absurd efforts.

Free speech absolutist Musk fired him, egged on by his fanboi trolls.



And then users began to experience problems with Two-Factor Authentication (2FA) over Short Message Service (SMS), otherwise know as text messages.

The security system which allows users to ensure their account can’t be accessed by unauthorized persons was broken, preventing users from accessing their accounts.

This also prevented users from checking their accounts to make sure they weren’t hacked and their verification worked.

~ ~ ~

Which is why during Sunday’s night’s mass shooting at University of Virginia, students as well as the public following the story were reportedly confused about UVA’s emergency message. They couldn’t be sure after Elon Musk’s back-and-forth changes to its verification system whether the message they read in Twitter from UVA-Emergency Management was legitimate.

Fortunately students used their own student-developed thread in a mobile app called Yik Yak to validate the emergency. Yik Yak has been problematic in the past, pulled from app stores because of unmoderated toxic behavior, but it was relaunched in 2021 and valuable to students during the shooting lockdown at UVA because Yik Yak limits reach to five miles. In other words, the students knew whoever was using the app was local to campus.

It’s possible the students could have deduced the UVA-Emergency Management tweet was legitimate because it displayed the source of the message – Rave Mobile Safety, an emergency messaging system. Had UVA-Emergency Management’s account been spoofed, a phone or desktop might have appeared instead of Rave.

This detail may not be available for much longer. Musk thinks identifying the source of tweets by device or application is just inconvenient bloatware.

Should we ask UVA students and their parents about Twitter’s bloatware problem?

~ ~ ~

As I noted in my previous Twitter acquisition timeline post, the company has been subject to a Federal Trade Commission consent decree since 2011 because of its failures to assure users’ personal data was secure.

From the FTC’s 2011 statement:

…The FTC alleged that serious lapses in the company’s data security allowed hackers to obtain unauthorized administrative control of Twitter, including both access to non-public user information and tweets that consumers had designated as private, and the ability to send out phony tweets from any account.

A $150 million penalty had been levied by the FTC only a month after Twitter and Musk agreed on terms for the acquisition.

And yet Musk noodled around with Twitter Blue and the blue check verification system, affecting the verification status of organizations as well as individuals – none of the changes done with documentation prepared in advance, or with red team testing for quality assurance.

Musk’s ham-handed mucking around in microservices temporarily affecting 2FA SMS – some accounts are apparently still affected – was likewise done without advance preparation, and in the face of criticism by seasoned employees who understood the system.

It’s worth noting in that same statement by the FTC these last two paragraphs:

NOTE: A consent agreement is for settlement purposes only and does not constitute an admission by the respondent that the law has been violated. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $16,000.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics. “Like” the FTC on Facebook and “follow” us on Twitter.

Though the FTC might want to rethink that last Follow, persons who felt their personal data was at risk over the last three weeks might want to drop the FTC a note.

~ ~ ~

After reading about the acquisition and the subsequent mass terminations along with the manifold fuck-ups like verification and 2FA SMS, I wonder if Musk and Twitter executives ever notified the FTC of the change in ownership as required by the consent decree.

The Tanking of Twitter

[NB: Check the byline, thanks. /~Rayne]

First, before the rest of this post, a warning: if you have a Twitter account, active or inactive, go turn on 2FA.
Do it on a desktop or laptop, not your phone.
Be sure to obtain a single-use backup code for secure login in case you’re unable to use 2FA.*

There are too many reports right now of quirky things going on at Twitter. Just play it safe and protect your account.

~ ~ ~

It’s amazing how little drag billions of dollars provides in the face of gravity — and by gravity I mean the force hubris and ignorance may exert when they meet reality.

This observation is spot on after Thursday’s conference call with Twitter’s current owner, Elon Musk:

I don’t even dare embed the original tweet because it may disappear if the worst should come to pass and swaths of Twitter are shuttered to outside access.

How the hell did Musk, the head of SpaceX and Tesla, manage to burn up so much goodwill inside 16 days?

Let’s take a look at the timeline of events since Musk began buying stock in Twitter.

Date

Description

31-JAN-2022

Musk begins accumulating shares of Twitter

14-MAR-2022

Musk now owns 5% of Twitter

25-MAR-2022

Musk polls Twitter users, “Free speech is essential to a functioning democracy. Do you believe Twitter rigorously adheres to this principle?” 70% of 2 million participants said no.

26-MAR-2022

Reuters: Elon Musk giving ‘serious thought’ to build a new social media platform

Musk makes contact with former Twitter CEO Jack Dorsey as well as Twitter board members to discuss the platform

04-APR-2022

Musk filed a Schedule 13G with the Securities and Exchange Commission, revealing his acquisition of a 9% stake in Twitter.

The SEC acknowledged receipt of the 13G and asked Musk for clarification of several points including how Musk determined March 14 was the date which triggered a need for the 13G filing, and why he didn’t file within 10 days of March 14.

04-APR-2022

Twitter’s board offers Musk a seat on the board if he accumulates no more than 14.9% of the company’s stock. The offer includes a background check and completion of a D&O questionnaire.

https://www.sec.gov/Archives/edgar/data/1418091/000119312522095651/d342257dex101.htm

05-APR-2022

CEO Parag Agrawal welcomes Musk to the board via tweet.

09-APR-2022

Including a list of the Twitter accounts with the most followers, Musk tweets, “Most of these “top” accounts tweet rarely and post very little content. Is Twitter dying?

Agrawal replied that the tweets were unhelpful. It isn’t known until much latter via released text messages that Musk and Agrawal had been talking up to this point.

09+10-APR-2022

AP: Musk suggests Twitter changes, including accepting Dogecoin; Musk tweeted these ideas over the weekend.

11-APR-2022

AP: Tesla CEO Elon Musk won’t join Twitter’s board after all; Agrawal tweeted this news on Monday.

13-APR-2022

Musk files Amendment 2 to his Schedule 13D/A

The amendment includes his offer — a non-binding proposal — to Twitter’s Chairman of the Board Bret Taylor to acquire Twitter at $54.20/share and take it private.

15-APR-2022

Twitter adopted a rights agreement which included a poison pill.

20-APR-2022

Musk obtained $46.5 billion in financing commitments according to exhibits to amended 13D filed with the SEC.

25-APR-2022

Twitter’s board unanimously approved an offer by Musk to buy Twitter for $44 billion.

29-APR-2022

Reuters: Musk sells Tesla shares worth $8.5 billion ahead of Twitter takeover

02-MAY-2022

In 10-Q filing to SEC, Twitter estimated spam accounts as 5% or less of active users.

Musk tweeted, “Free speech is the bedrock of a functioning democracy, and Twitter is the digital town square where matters vital to the future of humanity are debated. I also want to make Twitter better than ever by enhancing the product with new features, making the algorithms open source to increase trust, defeating the spam bots, and authenticating all humans. Twitter has tremendous potential — I look forward to working with the company and the community of users to unlock it.”

04-MAY-2022

Amendment 6 to Schedule 13D showed Musk obtained commitments amounting to more than $7 billion in funding for the acquisition of Twitter.

10-MAY-2022

NPR: Elon Musk says he’ll reverse Donald Trump Twitter ban

12-MAY-2022

Twitter CEO announced a hiring freeze and cost cutting along with releasing two executives. They were:

– Kayvon Beykpour, general manager

– Bruce Falck, general manager for revenue

13-MAY-2022

WaPo: Elon Musk says Twitter deal is on hold, putting bid on shaky ground — Musk expressed concern that spam/accounts were in actuality more than 5% of users in spite of Twitter’s 10-Q statement.

25-MAY-2022

Federal Trade Commission and Dept of Justice Order Twitter to Pay $150 Million Penalty for Violating 2011 FTC Order and Cease Profiting from Deceptively Collected Data

06-JUN-2022

WaPo: Elon Musk threatens to back out of Twitter deal over withholding data – he claimed Twitter was “actively resisting” requests for information though his April agreement to purchase Twitter waived the right to look more deeply at the company’s data.

08-JUL-2022

WaPo: Elon Musk files to back out of Twitter deal – Musk’s letter to Twitter filed with the SEC said he was “terminating their merger agreement” but Twitter replied the same day saying it would sue Musk.

12-JUL-2022

NYT: Twitter Sues Musk After He Tries Backing Out of $44 Billion Deal – the company filed suit in Delaware’s Chancery Court.

19-JUL-2022

Chancellor Kathaleen St. Jude McCormick set a trial date for October 17 in Delaware’s Chancery Court.

29-JUL-2022

Bloomberg: Musk Files Defense Under Seal as Twitter Trial Set for Oct. 17

09-AUG-2022

A former Twitter employee was found guilty of spying on behalf of Saudi Arabia.

23-AUG-2022

USNews: Peiter Zatko, Twitter’s former security chief July 2020-January 2022, claimed in a whistleblower complaint filed in July with the Securities and Exchange Commission, the Federal Trade Commission and the Department of Justice that Twitter was not straightforward with regulators about its information security and its handling of disinformation.

13-SEP-2022

Twitter’s former security chief Zatko testified before the Senate Judiciary Committee about Twitter’s problematic information security.

03-OCT-2022

Musk tweets Vladimir Putin’s “peace plan”; it’s alleged this tweet occurred after Musk had a conversation with Putin.

04-OCT-2022

Twitter disclosed in an SEC filing that Musk agreed to complete the purchase of Twitter for $44 billion according to the terms established in April.

06-OCT-2022

WaPo: Twitter-Musk trial delayed as sides argue over money and trust

20-OCT-2022

Report: Musk explained to prospective investors that he will cut Twitter staffing by 75%

26-OCT-2022

Musk arrives at Twitter’s corporate offices carrying a bathroom sink. “Let that sink in!” he tweeted along with a video of his entrance.

27-OCT-2022

Musk takes control of Twitter, firing uppermost management including

– Parag Agrawal, Chief Executive Officer

– Ned Segal, Chief Financial Officer

– Vijaya Gadde, Global Lead of Legal Policy, Trust, and Safety

– Sean Edgett, General Counsel

30-OCT-2022

The Verge: Twitter is planning to start charging $20 per month for verification – Musk threatened to fire employees building this verified user system.

30-OCT-2022

Musk tweeted, “The whole verification process is being revamped right now

01-NOV-2022

Departure of more Twitter officials revealed, top management gutted; exits include

– Sarah Personette, Chief customer officer

– Dalana Brand, Chief People and Diversity Officer

– Nick Caldwell, General manager for core technologies

– Leslie Berland, Chief marketing officer

– Jay Sullivan, Head of product

– Jean-Philippe Maheu, vice president of global sales

01-NOV-2022

Major brands pause advertising on Twitter, including Audi, General Mills, General Motors, Ad rep Interpublic Group, Mondelez International, Pfizer, Volkswagen

01-NOV-2022

Twitter to deny Blue subscribers access to ad-free articles

01-NOV-2022

Musk mixed it up with author Stephen King over the proposed $20/month fee for Twitter Blue verified status

01-NOV-2022

CNET: Twitter Will Charge $8 a Month for Verified Accounts, Elon Musk Suggests

04-NOV-2022

Half of Twitter’s workforce is pink slipped.

Included are personnel who were building the new verification system.

04-NOV-2022

CNN: Elon Musk said Twitter has seen a ‘massive drop in revenue’ as more brands pause ads

04-NOV-2022

Entire departments were gutted:

– Human Rights

– Communications

– Accessibility Experience Team

– META (Machine learning ethics, transparency and accountability)

– Curation

04-NOV-2022 through 08-NOV-2022

CNN: Elon Musk sold nearly $4 billion worth of Tesla stock since Twitter deal closed

05-NOV-2022

Engadget: Twitter starts testing paid account verification on iOS

06-NOV-2022

Bloomberg: Twitter Now Asks Some Fired Workers to Please Come Back – some were fired “by mistake”

06-NOV-2022

Actor Kathy Griffin suspended by Twitter after mocking Musk by changing her account name and avatar to copy Musk’s.

07-NOV-2022

CBS: Musk says Twitter account holders who impersonate others will be banned

08-NOV-2022

Guardian: Twitter to offer ‘official’ label for select verified accounts – “Accounts that will receive [the label] include government accounts, commercial companies, business partners, major media outlets, publishers and some public figures,” Twitter’s Early Stage Products manager Esther Crawford tweeted.

08-NOV-2022

Reuters: Twitter engineer says he was fired for helping coworkers who faced layoffs — several employees are now filing a lawsuit against Twitter for firing them while engaged in protected work per the National Labor Relations Board.

09-NOV-2022

1:45 p.m. ET – Twitter users note there are two Twitter Blue services at different prices.

2:00 p.m. ET – Engadget: Twitter’s $8 a month Blue subscription with verification is rolling out; available on iOS only relying on Apple’s identity verification.

2:52 p.m. ET – Twitter users receive a notice there will be a change in Twitter Blue service; the service is being revamped with current subscriptions to be canceled at the end of the month.

09-NOV-2022

5:26 p.m. ET – Twitter Support tweets, “We’re not currently putting an “Official” label on accounts but we are aggressively going after impersonation and deception.

10-NOV-2022

Several high-level technical executives resigned, including

– Yoel Roth, Lead, Integrity and Safety

– Lea Kissner, CISO

– Damien Kieran, Chief Privacy Officer

10-NOV-2022

Internal communications about separations and outstanding compensation are a mess.

10-NOV-2022

With little advance notice, Musk hosts an Ask Me Anything-type of meeting with employees. Topics included:

– turning Twitter into a banking services business-news

– insufficient cash flow with bankruptcy a possibility

– elimination of remote/work from home with mandatory return to the office

– offering short-form video in competition with TikTok (like Twitter’s now-defunct Vine service)

10-NOV-2022

Multiple outlets note that Twitter may be in violation of the FTC’s 2011 Consent Decree by not developing a security program documented in writing within days of rolling out new services.

A former outside counsel to Twitter warned of FTC fines for lack of compliance, but Twitter is apparently requiring its engineers to “self certify” while failing to put new services through full red team review before implementation in production environment.

10-NOV-2022

A U.S. Senator, a major pharmaceutical company, a major aerospace and defense company, and Chiquita are among the noted individuals and organizations whose identities have been spoofed by accounts using the new Twitter Blue verification service.

10-NOV-2022

Twitter paused its Twitter Blue verification service on Thursday night after the new service had been abused with misinformation.

11-NOV-2022

NYT: Insiders report as much as 80% of engineering staff have been fired, leaving little more than a skeleton crew to manage key portions of the platform.

11-NOV-2022

Twitter’s remaining Human Resource team sent laid-off workers an email acknowledging delays sending their separation agreements and release of claims documents. But HR sent it CC: not BCC: with a Reply-All barrage following.

Stories of badly handled terminations are becoming public.

12-NOV-2022

Thread: “Scoop from within Twitter: small things are breaking, not enough engineers to fix them. Noticed that notification counts are not showing? The BE service powering it is down since Thursday. A bug was filed, but the team that would fix it is full on with verification work.

12-NOV-2022

More personnel are being terminated overnight, without warning. Managers are learning as their reports including contract personnel suddenly disappear from resources.

The last couple of items were added late Saturday night. I’m afraid to look and see what might have transpired since I checked last.

There’s no nice way to put this: this entire situation is fucked up and it’s all on Elon Musk.

He’s done immense damage to Twitter’s brand as well as his own personal brand. He seems to think branding isn’t important though advertising customers like Eli Lilly, Lockheed Martin, and Chiquita offer evidence brand damage from sloppy management actually costs money.

The FTC is likely to punctuate this even further because of the egregious manner in which Twitter under Musk’s ownership has failed to comply with the 2011 consent decree. Musk ought to talk with Facebook’s Zuckerberg about how expensive this can be.

And there are humans who are going to pay for Musk’s cavalier behavior — families who might be expecting a child who are now dealing with COBRA, remote workers who are being forced back to the office in areas with severe housing shortages (that’d be Ireland, not just the U.S.). Musk has tweeted about this but this issue didn’t come up out of thin air, and like everything else so far has been handled badly.

There’s some question whether Twitter has adequate staffing related to compliance with EU regulations and GDPR and are they in Ireland.

Three points about Musk’s Twitter acquisition really boggle my mind after reading all this material. First,

Mr. Musk had brought his own advisers, many of whom had worked at his other businesses, such as the digital payments company PayPal and the electric carmaker Tesla. They parked themselves in the “war room,” on the second floor of a building attached to Twitter’s headquarters. The area, which Twitter used to fete big-spending advertisers and dignitaries, was stocked with company memorabilia. …

The advisers included the venture capitalists David Sacks, Jason Calacanis and Sriram Krishnan; Mr. Musk’s personal lawyer Alex Spiro; his financial manager Jared Birchall; and Antonio Gracias, a former Tesla director. Joining in were engineers and others from Tesla; from Mr. Musk’s brain interface start-up, Neuralink; and from his tunneling company, the Boring Company.

Musk is relying on the expertise of people in disparate businesses which have nothing to do with social media — unless Musk is already thinking he’s going to Johnny Mnemonic users’ heads with their Twitter accounts using Neuralink, a product which is likely to go nowhere since it is technically a medical device and it’s not ready for testing in humans.

The Boring Company, though. Really? Name a successful, profitable installation. Don’t mind me not holding my breath waiting, though.

There have been rumors Musk is surrounded by yes men and sycophants. We may now know who they are.

The  second questionable point:

The scope of layoffs was a moving target. Twitter managers were initially told to cut 25 percent of the work force, three people said. But Tesla engineers who reviewed Twitter’s code proposed deeper cuts to the engineering teams. Executives overseeing other parts of Twitter were told to expand their layoff lists.

Tesla. Engineers.

The people who engineer electric cars, the software of which is not safe for autonomous self driving, somehow understand enough about social media software used by hundreds of millions of accounts globally, 7/24/365, to make an assessment of staffing requirements.

They somehow understand the issues consumers, governments, industries, nonprofits/NGOs have had using and relying on this social media application since it was launched 16 years ago.

Clearly not since they missed the part about the FTC’s consent decree which might shape how any code is written, tested, rolled out, operates, and maintained.

The third doozy:

Twitter executives also suggested assessing the lists for diversity and inclusion issues so the cuts would not hit people of color disproportionately and to avoid legal trouble. Mr. Musk’s team brushed aside the suggestion, two people said.

This is the same Elon Musk whose businesses have been sued more than once for discriminatory practices, pointedly choosing to ignore federal and state employment law.

It’s a pattern of behavior and it’s not acceptable, particularly if Musk’s corporations are beneficiaries of federal incentives.

~ ~ ~

We’re long overdue to regulate social media, not just because they are monopolistic and oligopolistic.

Our businesses, our personal lives have become dependent on some of these platforms. So has our government. It should not be possible to spoof the identity of a U.S. member of Congress let alone any other government employee or entity. It should not be easy to trash businesses’ reputations for the lulz.

Nor should we as individuals be waiting for the moment we learn our personal data has been breached because a billionaire was sloppy and indifferent about its security though it’s a key facet of the business he bought for the lulz.

Democrats may have a majority in both houses of Congress next year. But they already have one now and they should use it immediately learn why Elon Musk thinks his new toy is above the law and beyond regulatory oversight.

__________
* I meant to add you should seriously consider deleting the Twitter app from your phone. I suspect there will be attempts to hack users’ accounts using the cell phone information Twitter has on record. Protecting this data was at the heart of the FTC’s consent decree.

Lasciando il matrimonio di Elmo

[NB: check the byline, thanks. /~Rayne]

My moderation team counterpart bmaz is a bit put out at people who are flouncing Twitter dramatically. We don’t see eye to eye about the topic of departing Twitter now. I’m among those who are unwinding their accounts now that Elmo has been forced into marrying Twitter, Inc.

Elmo’s turbulent management style is one reason I’d like to leave. Who knows what any given day will yield – will a new policy pop up out of the blue insisting users must pay for services to which they’ve become accustomed for years?

Security is another matter of concern, and in saying security I mean I have my doubts about personal data security now that Elmo has capriciously announced he’s going to fire 75% of Twitter’s personnel…and now 50% this Friday…and maybe with or without compliance with state or federal WARN Act.

Does anyone really think Twitter personnel are at top form right now when they’re looking over their shoulder for their pink slip? Could you blame them if they aren’t?

But my biggest single reason for wanting to leave Twitter is this: I do not want to be Elmo’s product.

~ ~ ~

Artist Richard Serra said of his experience viewing the painting Las Meninas (c. 1656) by Diego Velázquez:

“I was still very young and trying to be a painter, and it knocked me sideways. I looked at it for a long time before it hit me that I was an extension of the painting. This was incredible to me. A real revelation. I had not seen anything like it before and it made me think about art and about what I was doing, in a radically different way. But first, it just threw me into a state of total confusion.”

When one first sets eyes upon the painting, it appears to be one of the young Infanta Margaret Theresa of Spain and her ladies in waiting, standing next to a portraitist at work. It takes a moment to realize that the portraitist isn’t painting the Infanta but whomever the Infanta is observing, and yet another moment to realize the subject of the portrait and the Infanta’s gaze can be seen in the mirror behind them.

The painting’s observer will then realize they are standing in for the Infanta’s parents who are being painted by the portraitist — and the painting is a self portrait of Velázquez at work. The painting’s observer is a proxy who has not fully consented to their role but nonetheless becomes the subject of the painter at work.

It is this same inversion which must be grasped to understand why I refuse to be Elmo’s product.

I know that I am not Twitter’s customer. I’m not the consumer.

If I remain I am the consumed in Elmo’s forced marriage scenario.

~ ~ ~

Serra and director Carlota Fay Schoolman produced a short film in 1973 entitled, “Television Delivers People.” It was considered video art, using a single channel with a text scroll to critique television.

This excerpt explains the relationship between the audience and television:

Commercial television delivers 20 million people a minute.
In commercial broadcasting the viewer pays for the privilege of having himself sold.
It is the consumer who is consumed.
You are the product of t.v.
You are delivered to the advertiser who is the customer.
He consumes you.
The viewer is not responsible for programming —
You are the end product.

What television did in the 1970s, social media does today. It consolidates access to disparate individuals over distances into audiences of varying sizes and offers them to advertisers.

Social media is mass media.

Social media, however, doesn’t serve audiences to advertisers alone. Given the right kind of incentives and development, audiences can be bought for other purposes.

There are almost no regulatory restrictions on audiences being identified, aggregated, bought, and resold, and very little comprehensive regulation regarding data privacy.

Elmo so far doesn’t appear to understand any of this between his uneducated blather about free speech and his ham handedness about Twitter’s business model.

I do not want to be sold carelessly and indifferently by Elmo.

~ ~ ~

If you are a social media user, even if validated or a celebrity with millions of followers, you are the product. You are being sold by the platform to advertisers.*

There may even be occasions when you’re not sold but used – recall the access Facebook granted to researcher Aleksandr Kogan in 2013 as part of experimentation, which then underpinned the work of Cambridge Analytica ahead of the 2016 election.

Facebook was punished by the Federal Trade Commission for violating users’ privacy, but there’s still little regulatory framework to assure social media users they will not be similarly abused as digital chattel.

What disincentives are there to rein in a billionaire with an incredibly short attention span and little self control now that he’s disbanded Twitter’s board of directors? What will prevent Elmo from doing what Facebook did to its users?

I’ve raised a couple kids with ADD. I don’t want to be on the other end of the equation, handled as digital fungible by an adult with what appears to be ADD weaponized with narcissism.

I deserve better.

I’m only going to get it if I act with this understanding, attributed again to Serra:

If something is free, you’re the product.

~ ~ ~

By now you should be used to hearing this, but I’m leaving this marriage, Elmo.

Treat this as an open thread.

__________

* We do not sell data about our community members.

FBI Allegedly Found Child Sexual Abuse Material When It Searched Josh Schulte’s Discovery Laptop

For the past several weeks — since his attorney, Sabrina Shroff, filed a letter on September 28 asking why he hadn’t been delivered to the SCIF as expected on September 26 — there has been something weird going on in the docket for Josh Schulte — who in July was convicted of stealing and leaking the CIA’s hacking tools to Wikileaks. She noted there was a probable request that he be withheld from the SCIF in the docket and wanted access to it. Today, the government unsealed three filings explaining what happened: They allegedly caught Schulte with Child Sexual Abuse Material again. Almost four years to the day after he was found using contraband phones in MCC, the government did another search of his cell to figure out whether and how he got the CSAM (which probably came from his discovery pertaining to the files allegedly on his home computer in 2017).

The filings are:

What happened is this:

July 27: The government obtained a warrant for Schulte’s discovery laptop covering contempt and contraband with search run by filter AUSA.

As the Court is aware, on July 27, 2022, United States Magistrate Judge Cheryl L. Pollak of the Eastern District of New York signed a warrant authorizing the seizure and search of the laptop previously provided to the defendant for his use in the Bureau of Prisons for reviewing unclassified discovery and preparing litigation materials in this case (the “Laptop Warrant”), which was at that time located at the Metropolitan Detention Center (“MDC”) in Brooklyn, New York. Pursuant to the terms of the Laptop Warrant, the initial search and review of the contents of the defendant’s laptop for evidence of the subject offenses set forth therein, specifically violations of 18 U.S.C. §§ 401(3) (contempt of court) and 1791(a) (possessing contraband in a correctional facility), is being conducted by agents from the Federal Bureau of Investigation (“FBI”) who are not part of the prosecution team, supervised by an Assistant U.S. Attorney who is also not part of the prosecution team and is experienced in privilege matters (the “Wall Team”), to segregate out any potentially privileged documents or data.

August 26: The FBI discovered an extra thumb drive in the SCIF.

On or about August 26, 2022, Schulte was produced to the Courthouse SCIF and, during that visit, asked to view the hard drive containing the Home CSAM Files from the Home Desktop. The hard drive was provided to Schulte and afterwards re-secured in the dedicated safe in the SCIF. The FBI advised the undersigned that, while securing the hard drive containing the Home CSAM Files, they observed that an unauthorized thumb drive (the “Thumb Drive”) was connected to the SCIF laptop used by Schulte and his counsel to review that hard drive containing the Home CSAM Files. On or about September 8, 2022, at the Government’s request, the CISO retrieved the hard drive containing materials from the Home Desktop from the SCIF and returned it to the FBI so that it could be handled pursuant to the normal procedures applicable to child sexual abuse materials. The CISO inquired about what should be done with the Thumb Drive, which remained in the dedicated SCIF safe. The Government requested that the Thumb Drive remain secured in the SCIF while the Government completed its review of the defendant’s laptop and continued to investigate the defendant’s potentially unauthorized activities.

September 22: FBI discovers “a substantial amount” of suspected CSAM on his discovery laptop with review run by a second AUSA.

[O]n September 22, 2022, the Wall Team contacted one of the FBI case agents handling this matter to inform him that, during the Wall Team’s review of the defendant’s MDC laptop, they had discovered a substantial amount of what appeared to be child sexual abuse materials (the “Laptop CSAM Files”) and to request guidance about how to proceed.

[snip]

[A]nother Assistant U.S. Attorney was assigned to the Wall Team at the request of the undersigned to be able to review the material and assist in obtaining that additional warrant, which this Court issued on September 23, 2022 (the “CSAM Expansion Warrant”).

October 5: FBI executes a search on Schulte’s cell, the SCIF, and electronics in the SCIF.

One warrant, which was issued on October 4, 2022 by United States Magistrate Judge Robert M. Levy of the Eastern District of New York, authorized the search of the defendant’s cell at the MDC and the seizure of certain materials contained therein, including electronic devices (the “MDC Cell Warrant”). The second warrant, which was also issued on October 4, 2022 by this Court, authorized the seizure and search of three specified electronic devices previously used by the defendant in the Courthouse Sensitive Compartmented Information Facility (“SCIF”) in connection with his review of CSAM obtained from the defendant’s home computer equipment and produced in discovery for review in the SCIF (the “CSAM Devices Warrant”). Both the MDC Cell Warrant and the CSAM Devices Warrant contain substantially the same procedures as the CSAM Expansion Warrant for initial review of the seized materials by the Wall Team. Both warrants were executed by the FBI on October 5, 2022.

DOJ is still investigating the discovery laptop for both the contraband and the CSAM. But they’re ready to give Schulte a typewriter so he can write his post-trial motions.

As the Government previously informed defense counsel and the Court, the Government cannot at this point consent to providing the defendant with a replacement laptop under any conditions (D.E. 950), in light of both his convictions of a variety of computer-related offenses and the additional evidence of his misconduct with regard to the previous MDC laptop that was seized. The Government has conferred with legal counsel at the MDC to request that the defendant have access to a typewriter for purposes of drafting these post-trial motions, similar to that available to inmates in general population. MDC legal counsel has indicated that this would likely be possible, subject to approval from the senior management of the MDC.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

Trust: In Bid for Stay, DOJ Likened Trump to Catastrophic Intelligence Compromise

There’s a detail in DOJ’s request for a stay of Judge Aileen Cannon’s injunction on using stolen Trump documents to investigate Trump that hasn’t gotten enough attention.

A footnote modifying a discussion about the damage assessment the Intelligence Community is currently doing referenced a letter then-NSA Director Mike Rogers wrote in support of Nghia Pho’s sentencing in 2018. [This letter remains sealed in the docket but Josh Gerstein liberated it at the time.]

[I]n order to assess the full scope of potential harms to national security resulting from the improper retention of the classified records, the government must assess the likelihood that improperly stored classified information may have been accessed by others and compromised. 4

4 Departments and agencies in the IC would then consider this information to determine whether they need to treat certain sources and methods as compromised. See, e.g., Exhibit A to Sentencing Memorandum, United States v. Pho, No. 1:17-cr-631 (D. Md. Sept. 18, 2018), D.E. 20-1 (letter from Adm. Michael S. Rogers, Director, National Security Agency) (“Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances.”).

Even on its face, the comment suggests the possibility that the Intelligence Community is shutting down collection programs because Trump took documents home.

But the analogy DOJ made between Trump and Pho, by invoking the letter, is even worse.

I’ve written about Pho, who with Hal Martin, is believed to be the source of the files leaked by Shadow Brokers and, with them, two devastating global malware attacks, WannaCry and NotPetya.

Over a month ago, I suggested that the IC likely had Pho and Martin in mind as they considered the damage Trump may have done by doing the same thing; taking highly classified files home from work.

[T]he lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

But with the footnote, I’m no longer the only one to make such an analogy. DOJ did so too, in an unsuccessful effort to get Judge Cannon to understand the magnitude of the breach she was coddling.

As you read this letter, replace Pho’s name with Trump’s. It reads almost seamlessly.

That’s the analogy DOJ made between Trump and someone his own DOJ prosecuted aggressively.

Pho retained classified information outside of properly secured spaces and by doing so caused very significant and long-lasting harm to the NSA, and consequently to the national security of the United States.

[snip]

[T]he exposure of the United States’ classified information outside of secure spaces may result in the destruction of intelligence-gathering efforts used to protect this nation. Mr. Pho, who voluntarily assumed this responsibility, ignored his oath to his country and the NSA by taking classified information outside of secure spaces, thereby placing that information in significant jeopardy.

[snip]

Mr. Pho’s conduct in improperly and unlawfully retaining national defense information, which included highly classified information, outside of secure space had significant negative impacts on the NSA mission.

[snip]

Techniques of the kind Mr. Pho was entrusted to protect, yet removed from secure space, are force multipliers, allowing for intelligence collection in a multitude of environments around the globe and spanning a wide range of national security topics. Compromise of one technique can place many opportunities for intelligence collection and national security at risk.

By removing such highly classified materials outside of secure space, Mr. Pho subjected those materials to compromise. It is a fundamental mandate in the Intelligence Community that classified material must be handled and stored in very specific and controlled ways. If classified material is not handled or stored according to strict rules, then the government cannot be certain that it remains secret. Once the government loses positive control over classified material, the government must often treat the material as compromised and take remedial actions as dictated by the particular circumstances. Depending on the type and volume of compromised classified material, such reactions can be costly, time consuming and cause a shift in or abandonment of programs. In this case, the fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost.

In addition, NSA was faced with the crucial and arduous task of accounting for all of the exposed classified materials, including TOP SECRET information, the unauthorized disclosure of which, by definition, reasonably could be expected to cause exceptionally grave damage to the national security. Accounting for all of the exposed classified material was necessary so that NSA could attempt to assess the damage that resulted from the classified and diverted critical resources away from NSA’s intelligence-gathering mission.

The detrimental impacts of Mr. Pho’s activities are also felt in other less tangible ways, including a loss of trust among colleagues and essential partners who count on NSA to conduct its mission.

[snip]

Trust is an essential component of all of the work that is done by NSA employees. It is affirmed by our sworn oath to uphold and defend the Constitution, sealed by our signed obligations to protect national defense information.

[snip]

This trust extends to a circle with other U.S. intelligence agencies, who share valuable intelligence insights; military personnel, who share details of their operational plans; and international partners, who share their sovereign secrets with us, all for common objectives.

[snip]

Future decisions about sharing will be weighted with considerations of the breach of trust by one party.

There’s little that distinguishes Pho’s compromise from Trump’s. While Trump didn’t load all this stuff online like Pho did, he brought it to a thinly-protected country club aggressively targeted by foreign intelligence services — a more obvious target than Pho’s desktop computer.

And whether the IC knows about the extent of the compromise right now, or whether something he made available will shut down shipping and hospitals and drug manufacturing in two years time, as Pho’s compromises did, the IC has to act as if these files have already been compromised.

That’s what the footnote says.

As I said, Trump’s own DOJ ratcheted up prosecutions in the wake of the Pho and Martin compromises. And now Trump — along with a judge he appointed — are trying to make sure he evades the same justice that his own DOJ demanded of others.

Update: Clarified that Martin and Pho are believed to be the source of the files leaked by Shadow Brokers, but not the leakers themselves.

Go to emptywheel resource page on Trump Espionage Investigation.

[Photo: National Security Agency, Ft. Meade, MD via Wikimedia]

18 USC 793e in the Time of Shadow Brokers and Donald Trump

Late last year, a Foreign Affairs article by former Principal Deputy Director of National Intelligence Sue Gordon and former DOD Chief of Staff Eric Rosenbach asserted that the files leaked in 2016 and 2017 by Shadow Brokers came from two NSA officers who brought the files home from work.

In two separate incidents, employees of an NSA unit that was then known as the Office of Tailored Access Operations—an outfit that conducts the agency’s most sensitive cybersurveillance operations—removed extremely powerful tools from top-secret NSA networks and, incredibly, took them home. Eventually, the Shadow Brokers—a mysterious hacking group with ties to Russian intelligence services—got their hands on some of the NSA tools and released them on the Internet. As one former TAO employee told The Washington Post, these were “the keys to the kingdom”—digital tools that would “undermine the security of a lot of major government and corporate networks both here and abroad.”

One such tool, known as “EternalBlue,” got into the wrong hands and has been used to unleash a scourge of ransomware attacks—in which hackers paralyze computer systems until their demands are met—that will plague the world for years to come. Two of the most destructive cyberattacks in history made use of tools that were based on EternalBlue: the so-called WannaCry attack, launched by North Korea in 2017, which caused major disruptions at the British National Health Service for at least a week, and the NotPetya attack, carried out that same year by Russian-backed operatives, which resulted in more than $10 billion in damage to the global economy and caused weeks of delays at the world’s largest shipping company, Maersk. [my emphasis]

That statement certainly doesn’t amount to official confirmation that that’s where the files came from (and I’ve been told that the scope of the files released by Shadow Brokers would have required at least one more source). But the piece is as close as anyone with direct knowledge of the matter — as Gordon would have had from the aftermath — has come to confirming on the record what several strands of reporting had laid out in 2016 and 2017: that the NSA files that were leaked and then redeployed in two devastating global cyberattacks came from two guys who brought highly classified files home from the NSA.

The two men in question, Nghia Pho and Hal Martin, were prosecuted under 18 USC 793e, likely the same part of the Espionage Act under which the former President is being investigated. Pho (who was prosecuted by Thomas Windom, one of the prosecutors currently leading the fake elector investigation) pled guilty in 2017 and was sentenced to 66 months in prison; he is processing through re-entry for release next month. Martin pled guilty in 2019 and was sentenced to 108 months in prison.

The government never formally claimed that either man caused hostile powers to obtain these files, much less voluntarily gave them to foreign actors. Yet it used 793e to hold them accountable for the damage their negligence caused.

There has never been any explanation of how the files from Martin would have gotten to the still unidentified entity that released them.

But there is part of an explanation how files from Pho got stolen. WSJ reported in 2017 that the Kaspersky Anti-Virus software Pho was running on his home computer led the Russian security firm to discover that Pho had the NSA’s hacking tools on the machine. Somehow (the implication is that Kaspersky alerted the Russian government) that discovery led Russian hackers to subsequently target Pho’s computer and steal the files. In response to the WSJ report, Kaspersky issued their own report (here’s a summary from Kim Zetter). It acknowledged that Kaspersky AV had pulled in NSA tools after triggering on a known indicator of NSA compromise (the report claimed, and you can choose to believe that or not, that Kaspersky had deleted the most interesting parts of the files obtained). But it also revealed that in that same period, Pho had briefly disabled his Kaspersky AV and downloaded a pirated copy of Microsoft Office, which led to at least one backdoor being loaded onto his computer via which hostile actors would have been able to steal the NSA’s crown jewels.

Whichever version of the story you believe, both confirm that Kaspersky AV provided a way to identify a computer storing known NSA hacking tools, which then led Pho — someone of sufficient seniority to be profiled by foreign intelligence services — to be targeted for compromise. Pho didn’t have to give the files he brought home from work to Russia and other malicious foreign entities. Merely by loading them onto his inadequately protected computer and doing a couple of other irresponsible things, he made the files available to be stolen and then used in one of the most devastating information operations in history. Pho’s own inconsistent motives didn’t matter; what mattered was that actions he took made it easy for malicious actors to pull off the kind of spying coup that normally takes recruiting a high-placed spy like Robert Hanssen or Aldrich Ames.

In the aftermath of the Shadow Brokers investigation, the government’s counterintelligence investigators may have begun to place more weight on the gravity of merely bringing home sensitive files, independent of any decision to share them with journalists or spies.

Consider the case of Terry Albury, the FBI Agent who shared a number of files on the FBI’s targeting of Muslims with The Intercept. As part of a plea agreement, the government charged Albury with two counts of 793e, one for a document about FBI informants that was ultimately published by The Intercept, and another (about an online terrorist recruiting platform) that Albury merely brought home. The government’s sentencing memo described the import of files he brought home but did not share with The Intercept this way:

The charged retention document relates to the online recruitment efforts of a terrorist organization. The defense asserts that Albury photographed materials “to the extent they impacted domestic counter-terrorism policy.” (Defense Pos. at 37). This, however, ignores the fact that he also took documents relating to global counterintelligence threats and force protection, as well as many documents that implicated particularly sensitive Foreign Intelligence Surveillance Act collection. The retention of these materials is particularly egregious because Albury’s pattern of behavior indicates that had the FBI not disrupted Albury and the threat he posed to our country’s safety and national security, his actions would have placed those materials in the public domain for consumption by anyone, foreign or domestic.

And in a declaration accompanying Albury’s sentencing, Bill Priestap raised the concern that by loading some of the files onto an Internet-accessible computer, Albury could have made them available to entities he had no intention of sharing them with.

The defendant had placed certain of these materials on a personal computing device that connects to the Internet, which creates additional concerns that the information has been or will be transmitted or acquired by individuals or groups not entitled to receive it.

This is the scenario that, one year earlier, was publicly offered as an explanation for the theft of the files behind The Shadow Brokers; someone brought sensitive files home and, without intending to, made them potentially available to foreign hackers or spies.

Albury was sentenced to four years in prison for bringing home 58 documents, of which 35 were classified Secret, and sending 25 documents, of which 16 were classified Secret, to the Intercept.

Then there’s the case of Daniel Hale, another Intercept source. Two years after the Shadow Brokers leaks (and five years after his leaks), he was charged with five counts of taking and sharing classified documents, including two counts of 793e tied to 11 documents he took and shared with the Intercept. Three of the documents published by The Intercept were classified Top Secret.

Hale pled guilty last year, just short of trial. As part of his sentencing process, the government argued that the baseline for his punishment should start from the punishments meted to those convicted solely of retaining National Defense Information. It tied Hale’s case to those of Martin and Pho explicitly.

Missing from Hale’s analysis are § 793 cases in which defendants received a Guidelines sentence for merely retaining national defense information. See, e.g., United States v. Ford, 288 F. App’x 54, 61 (4th Cir. 2008) (affirming 72-month sentence for retention of materials classified as Top Secret); United States v. Martin, 1:17-cr-69-RDB) (D. Md. 2019) (nine-year sentence for unlawful retention of Top Secret information); United States v. Pho, 1:17-cr-00631 (D. Md. 2018) (66-month sentence for unlawful retention of materials classified as Top Secret). See also United States v. Marshall, 3:17-cr-1 (S.D. TX 2018) (41-month sentence for unlawful retention of materials classified at the Secret level); United States v. Mehalba, 03-cr-10343-DPW (D. Ma. 2005) (20-month sentence in connection with plea for unlawful retention – not transmission – in violation of 793(e) and two counts of violating 18 U.S.C. 1001; court departed downward due to mental health of defendant).

Hale is more culpable than these defendants because he did not simply retain the classified documents, but he provided them to the Reporter knowing and intending that the documents would be published and made available to the world. The potential harm associated with Hale’s conduct is far more serious than mere retention, and therefore calls for a more significant sentence. [my emphasis]

Even in spite of a moving explanation for his actions, Hale was sentenced to 44 months in prison. Hale still has almost two years left on his sentence in Marion prison.

That focus on other retention cases from the Hale filing was among the most prominent national references to yet another case of someone prosecuted during the Trump Administration for taking classified files home from work, that of Weldon Marshall. Over the course of years of service in the Navy and then as a contractor in Afghanistan, Marshall shipped hard drives of classified materials home.

From the early 2000s, Marshall unlawfully retained classified items he obtained while serving in the U.S. Navy and while working for a military contractor. Marshall served in the U.S. Navy from approximately January 1999 to January 2004, during which time he had access to highly sensitive classified material, including documents describing U.S. nuclear command, control and communications. Those classified documents, including other highly sensitive documents classified at the Secret level, were downloaded onto a compact disc labeled “My Secret TACAMO Stuff.” He later unlawfully stored the compact disc in a house he owned in Liverpool, Texas. After he left the Navy, until his arrest in January 2017, Marshall worked for various companies that had contracts with the U.S. Department of Defense. While employed with these companies, Marshall provided information technology services on military bases in Afghanistan where he also had access to classified material. During his employment overseas, and particularly while he was located in Afghanistan, Marshall shipped hard drives to his Liverpool home. The hard drives contained documents and writings classified at the Secret level about flight and ground operations in Afghanistan. Marshall has held a Top Secret security clearance since approximately 2003 and a Secret security clearance since approximately 2002.

He appears to have been discovered when he took five Cisco switches home. After entering into a cooperation agreement and pleading guilty to one count of 793e, Marshall was (as noted above) sentenced to 41 months in prison. Marshall was released last year.

Outside DOJ, pundits have suggested that Trump’s actions are comparable to those of Sandy Berger, who like Trump stole files that belong to the National Archives and after some years pled guilty to a crime that Trump since made into a felony, or David Petraeus, who like Trump took home and stored highly classified materials in unsecured locations in his home. Such comparisons reflect the kind of elitist bias that fosters a system in which high profile people believe they are above the laws that get enforced for less powerful people.

But the cases I’ve laid out above — particularly the lesson Pho and Martin offer about how catastrophic it can be when someone brings classified files home and stores them insecurely, no matter their motives — are the background against which career espionage prosecutors at DOJ will be looking at Trump’s actions.

And while Trump allegedly brought home paper documents, rather than the digital files that Russian hackers could steal while sitting in Moscow, that doesn’t make his actions any less negligent. Since he was elected President, Mar-a-Lago became a ripe spying target, resulting in at least one prosecution. And two of the people he is most likely to have granted access to those files, John Solomon and Kash Patel, each pose known security concerns. Trump has done the analog equivalent of what Pho did: bring the crown jewels to a location already targeted by foreign intelligence services and store them in a way that can be easily back-doored. Like Pho, it doesn’t matter what Trump’s motivation for doing so was. Having done it, he made it ridiculously easy for malicious actors to simply come and take the files.

Under Attorneys General Jeff Sessions and Bill Barr, DOJ put renewed focus on prosecuting people who simply bring home large caches of sensitive documents. They did so in the wake of a costly lesson showing that the compromise of insecurely stored files can do as much damage as a high level recruited spy.

It’s a matter of equal justice that Trump be treated with the same gravity with which Martin and Pho and Albury and Hale and Marshall were treated under the Trump Administration, for doing precisely what Donald Trump is alleged to have done (albeit with far fewer and far less sensitive documents). But as the example of Shadow Brokers offers, it’s also a matter of urgent national security.

image_print