As far back as 2015, the agribusiness monopolist @JohnDeere was taking steps to ban farmers from fixing their own tractors, arguing that copyright law made trafficking in tools to effect these repairs a felony.
The company took this to the US Copyright Office, saying that farmers couldn't fix their tractors because they don't OWN them, despite paying hundreds of thousands of dollars for them - software in tractors means they can only be licensed, not owned.
Deere bolstered this argument with a paternalistic warning that farmers are just not qualified to service tractors, prompting electronics specialist Willie Cade - grandson of a legendary Deere engineer - to speak out against the company.
Cade explained that his grandfather Theo Brown - who filed 158 patents for Deere - got all of his ideas by going into the field and observing the modifications that farmers had made to their tractors.
4/
It is not - and has never been - the case that Deere invents stuff that farmers use. It's the opposite. Farmers invent stuff, Deere commercializes it and sells it to other farmers. Farmers harvest their crops with Deere tractors, and Deere harvests FARMERS with them.
5/
Stealing the #RightToRepair from farmers was just the curtain-raiser for Deere's ban on modifying tractors, though. The real money is in stealing data that's generated when farmers drive their Deere tractors around their fields.
This data - a centimeter-accurate grid documenting soil density and humidity - generates data that Deere sells back to the farmers who created it as part of a "precision agriculture" package that comes with seeds from tyrants like @Bayer, the new owner of #Monsanto.
7/
Far more grandiose, though, is Deere's plan to aggregate this misapporpriated data and mine it for market intelligence about crop-yields, which can be sold into the agricultural futures market for billions.
8/
The next time someone says "If you're not paying for the product, you're the product," remember Deere and farmers. Farmers spend hundreds of thousands on tractors and they're STILL the product. Slapping a pricetag on a monopoly doesn't make markets - it makes rent-extraction.
9/
I've been in Copyright Office meetings where Deere and other embedded systems makers (notably car-makers) have claimed that they HAVE to lock down their systems to protect their customers from cyber-attacks.
10/
But for that to be true, these companies would have to ACTUALLY protect their customers from cyberattacks, and that's not the case, as is evidenced by @sickcodes's research on Deere's digital infrastructure, which Willie Cade contributed to.
Sickcodes signed up for a free developer account with Deere and began probing the system. Within hours, they had discovered serious flaws in both Deere's website and mobile apps. For example, they were able to retrieve the names and addresses of farmers from the website.
12/
They also propose a method for automating this attack, which would allow them to extract the names, addresses and other personal information of every John Deere customer, including make and model, which would facilitate over-the-air attacks on the tractors themselves.
13/
The bugs that Sickcodes located are incredibly obvious and suggest that Deere's security is totally incompetent. This is especially grim in light of the fact that Deere has NEVER submitted a SINGLE bug to the US government's CVE database of serious flaws.
14/
A quote from Darpa's @JahnResearch in @securityledger gives a sense of the gravity of the situation: "We can easily imagine timed interference with planting or harvest that could be DEVASTATING."
Deere monopolized the ag-tech market with badly secured products that put the US food supply in serious risk. It operates no vulnerability disclosure, and it took legal measures to prohibit third parties from fixing its tractors to remediate the deadly flaws it ignores.
16/
Deere argues that we can't trust third parties to service tractors because they might expose farmers to cyber-risk; but Deere itself is exposing those farmers to even graver risks.
17/
Even if Deere had amazing cyber-security, we'd still want to be able to check its work and fix its mistakes. But it's not. Deere has prioritized securing its ability to harvest farmers over farmers' ability to harvest their crops.
18/
ETA - If you'd like an unrolled version of this thread to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Provocative framing from @delong: "These Chicago Boys are all right-wing Marxists. They buy the Marxian proposition that the state is an executive committee for rigging the economy in the interest of the ruling class."
1/4
"But they think that that is a good thing as long as the ruling class is based on wealth, however previously acquired. All their objections are to those who use some form of societal power other than wealth to try to rig the economy in their interest."
2/4
"And while there is an argument that a wealth-based ruling class is in general best, it is a weak argument. "
Next Tuesday, I'm helping @bruces launch "Robot Artists & Black Swans," a book of sf short stories in the Italian "fantascienza" mode, at Austin's @BookPeople!
#Iowa's HSB 272 ("An Act relating to tax collection and penalties, tax permits and loans made by state-chartered banks") is the kind of bureaucratic maneuver Woody Guthrie's meant with, "Some will rob you with a six-gun, and some with a fountain pen."
On its face, the bill is a completely ordinary piece of tax-code cleanup, purging some superannuated rules and consolidating others. But as Iowa law prof @ChrisOdinet writes for @CreditSlips, there's a clever gotcha hidden in that bloodless language.
Here's where the knife slips in: "The general assembly of Iowa hereby declares… it does not want any of the provisions of any of the amendments contained in Public Law No. 96-221 (94 stat. 132), sections 521, 522 and 523 to apply with respect to loans made in this state…"
3/