Profile picture
, 14 tweets, 4 min read
My Authors
Read all threads
Mexico's new copyright law was rushed through its Congress without debate or consultation, copy-pasting the US copyright system into Mexican law as though America's system was working perfectly.

eff.org/deeplinks/2020…

1/
The law poses grave risks to Mexicans' human rights, especially (and most obviously), their right to free expression.

eff.org/deeplinks/2020…

2/
But perhaps even more urgent is the impact this law will have on the Mexicans' cybersecurity: the security of their devices and thus the integrity of their data and even their personal safety:

eff.org/deeplinks/2020…

3/
The new law imports the USA's "anti-circumvention rule" - a rule that makes it both a criminal and civil matter to tamper with the "technical protection measures" that restrict access to a device, even if it's your device, and even if you're not infringing copyright.

4/
This law has been a serious impediment to independent security audits - when a researcher investigates the devices we're using, to ensure that they aren't leaking our data or exposing us to risk - say, by allowing hackers to send lethal shocks to our implanted pacemakers.

5/
That's because security testing often involves bypassing a TPM to get at the device's internals, and the output of those tests is often "proof of concept" code, which incontrovertibly demonstrates the defects, overriding any denials from the manufacturer.

6/
Both of these run afoul of both US and (new) Mexican copyright law, and since the only way to determine whether a system is secure is to subject it to independent scrutiny, this leaves devices vulnerable to serious attacks with real consequences.

7/
Mexicans have direct experience with this. Pegasus, a digital weapon sold by the arms dealer NSO Group, was used to attack independent journalists, anti-sugar campaigners, and even young children:

threatpost.com/pegasus-spywar…

8/
The same weapons were implicated in the Saudi kidnapping, murder and dismemberment of Jamal Khashoggi; they rely upon lingering security defects in devices that the arms dealers exploit and sell to dictators and wealthy thugs.

9/
Like the US law, the Mexican law contains an "exemption" for security research; in fact, it is nearly a verbatim translation of the US clause. That exemption is entirely useless. How useless? In 22 years, no one in the USA has ever managed to use it.

10/
And in case there was any doubt, the US Copyright Office has officially acknowledged the insufficiency of this exemption and has created larger, more explicit carve outs (that are still insufficient).

11/
The US law lets the Copyright Office make these changes; the Mexican law not only does not define a process for fixing these overreaches, it's also starting without the USA's 22 years' worth of exemptions.

12/
No nation can afford to tie the hands of cybersecurity researchers. Mexico's lawmakers could have easily written a law that accommodated security - all they'd have had to say was, "None of this applies unless you're infringing someone's copyright." They didn't.

13/
Now it's down to the National Commission for Human Rights, which has until Jul 31 to announce that it is reviewing the law. If you are in Mexico or are Mexican, here's a petition to the Commission:

participa.nicensuranicandados.org

eof/
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Cory Doctorow #BLM

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @doctorow see all

Profile picture
Cory Doctorow #BLM
@doctorow
You know that thing that companies do when you set up an online account, asking you to name your favorite food and your high-school mascot as a way to recover your password later, or verify your identity if something sus is going on?

1/ Image
They're called "challenge questions" and they don't work.

That's the conclusion a group of Google security researchers and my EFF colleague Joseph Bonneau reached through a set of careful - and devastating - experiments.

static.googleusercontent.com/media/research…

2/
Not only are the answers to these questions pretty easy for attackers to guess or research (your mother's maiden name is a matter of public record and your favorite food is "pizza"), but actual users really struggle to remember their answers.

3/
Read 10 tweets
Profile picture
Cory Doctorow #BLM
@doctorow
Adam, a reader, wrote to me to say, "My wife just bought a medical-treatment device called Exogen. It's not cheap. It purportedly uses ultrasound to promote bone healing.

1/
"We're both skeptical about it, and all the studies that validate it were paid for by Exogen, but when you've got a persistent health problem, you don't want to leave any stones unturned, and this seems unlikely to be actively harmful."

2/
Speaking as someone with untreatable, degenerative, chronic pain, boy do I understand where he's coming from. And here's what happened:

3/
Read 8 tweets
Profile picture
Cory Doctorow #BLM
@doctorow
In a major new paper, just released as a preprint, the eminent UK computer scientist and digital rights campaigner @1Br0wn makes the case for "Interoperability as a tool for competition regulation."

osf.io/preprints/lawa…

1/ Image
The paper pulls together many of the recent interventions on the subject into a single, readable, brief summary that makes for an excellent overview - I'm not saying you shouldn't read the CMA's magesterial 450 page report, but realistically...

gov.uk/government/new…

2/
Brown starts by describing interop - an often slippery topic - in concrete terms, giving familiar examples from existing tech (eg SMS) and then describing how interop could open Big Tech's silos up.

3/
Read 21 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!