Artificial Interruption
by Alexander Urbelis (alex@urbel.is)
Reluctantly Interesting Times
I'd like to start off by declaring that 2020 has made me very tired of people ominously repeating the following aphorism, often claimed to be of Chinese origin: "May we live in interesting times." It is worth noting that there is really nothing tying this apocryphal curse in the form of a blessing to China. In fact, this expression has more of a direct connection to a 19th century British imperialist, conservative politician, Joseph Chamberlain, who opposed home rule for Ireland and happened to be the father of Neville Chamberlain. If you're wondering where this is going, steady on: Neville Chamberlain, in turn, was the British Prime Minister from 1937 to 1940 and is best remembered for his unfortunate foreign policy of appeasement, through which and by way of the Munich Agreement of 1938, Britain and other European powers conceded the German-speaking Sudetenland of Czechoslovakia to Nazi Germany.
There's the nexus: appeasing Nazis. The former President of the United States, Donald Trump, made a habit of appeasing, inciting, and normalizing extremism and neo-Nazis while in office. And since my last column, we have had an election, an insurrection that attempted to overturn the 2020 election results, a Twitter and Facebook ban of Trump, the dismantling and partial resurrection of Parler, the inauguration of President Biden, and the second (((impeachment))) of Donald Trump. Interesting times indeed.
In my last column, I lamented the scarcity of legitimate and useful gripe sites incorporating the term "sucks" into domain names. Recent events - e.g., the continuation of the incompetently managed health crisis causing over 500,000 deaths in the United States and what appeared to be a very competently stoked insurrection - made me curious about the number of "sucks" domains pertaining to Donald Trump. After all, I have been monitoring the DNS for domain registrations that contain the string "trump" for several years now and have this data at my fingertips. What is more, if anyone should be the object of criticism, it should surely be Donald Trump. What I found was noteworthy.
As of the writing of this column, there are approximately 66,000 domains that contain the string "trump." Of those 66,000 domains, there are only 179 domains that contain both the string "trump" and the string "suck." Put differently, those 179 domains represent only 0.27 percent, or roughly one-fifth of one percent of the total number of domains pertaining to Trump. Though a small fraction of one percent of these domains, it is critical to remember that there are certainly more creative and relevant ways to create critical domain names that do not use the string "sucks." For instance, there are right now 383 domains that contain the term "trump" together with "impeach," and 54 domains that contain trump together with "idiot."
More interesting, however, is that unlike the T-Mobile examples I referenced in the last issue, zero of which resolved to anything substantive, these critical Trump domains that contain the string "suck," do much more frequently host substantive content. To examine these domains, I wrote a small Bash script that uses Chromium and a command line-based PNG generator to iterate through the list of 179 domains and create screenshots of their content. (Anyone interested in this script can reach out to me directly.) Of those 179 domains, 24 domains, or about 13 percent, contained some kind of content or a deliberate redirect to another domain.
Some of the more entertaining domains were trumpstillsucks.com (selling bumper stickers very similar to the domain name), doestrumpsuck.com (containing numerous "alt-facts" about Trump, such as "Fact: Donald Trump hates teachers and librarians."), trumperssuck.com (redirecting to 18USC § 2384, the federal criminal statute that applies to seditious conspiracy), and isucktrumpsdick.com (redirecting to Ted Cruz's Twitter page). The latter two of these proves that even a domain redirect or DNS CNAME record can be an act of free speech and resistance.
This raises the question: when Amazon refused to further provide hosting services to Parler and Twitter banned Trump, were these too acts of resistance? What are we to make of these decisions? Were they about what is morally right and wrong? Or were they rooted in the fear that, as corporate entities, they had to cut ties with extremists and Trump because it was no longer politically viable and would shortly become economically infeasible to maintain any commercial relationship? Without getting into the merits and demerits of each decision (the implications of which I agree can be damaging to free speech rights), the actions of Amazon, Twitter, and Facebook demonstrate very clearly that these platforms wield great political power.
Consider that The New York Times now has a record number of subscribers, around seven million, while shortly before his ban, Trump had 88 million followers on Twitter. With a single tweet, Trump could reach more than 12 times the number of people who read The New York Times, and that is not accounting for retweets, quotes, etc. Technology will never be disentangled from politics.
Along similar lines, archiving Parler while it was in its death throes was both a political act and a great hack. With Parler having lost its authentication services and with Amazon about to pull the plug on its Internet connectivity, the effort to archive this data was innovative, necessary, and brilliantly simple. At the time of this writing, Parler is slowly and partially being resurrected on a new host, DDoS-Guard.
DDoS-Guard, it turns out, is a rather curious hosting platform and entity. DDoS-Guard has a physical address in Edinburgh, Scotland, and telephones that ring to both Russia and the Netherlands. The IP address that DDoS-Guard assigned to Parler indicates that it is located in Belize. The abuse contact details for that IP address are associated with a physical address in Ecuador and an email address in Russia. DDoS-Guard itself has two languages on its website, Russian and English, and domain registration data linking it to Russia, i.e., the domain was created in 2011 with the Russian domain registrar, reg.ru. In addition, Parler has MX records (mail server records) that indicate it is using email services provided by Microsoft. Those MX records appear to be the last vestige of data connecting Parler to the United States.
Parler is clearly trying to cut as many ties with U.S. companies as possible and therefore to evade the reach of U.S. jurisdiction as quickly as possible. And if that assumption is wrong, then those facts mean that no other (((reputable hosting companies))) would touch Parler as a client, forcing them to go with DDoS-Guard.
Also and equally significant, if DDoS-Guard begins acting as Parler's primary host, Parler data, connections, logins, communications, etc., will be flowing through a Russian entity. This means that those communications and all of that data will very likely be available to Russian authorities with minimal legal process and transparency, as well as to Russian intelligence with no transparency. If Russian intelligence is essentially able to "man-in-the-middle" extremist activities and conversations, they will have very valuable inside knowledge about exactly how to foment additional violence, sedition, and extremist activities within the United States. (Editor's Note: Israeli control of various aspects of the U.S. telecommunication and surveillance network is a MUCH bigger problem.)
This is a real and imminent danger for this country. On January 27, (((DHS))) issued a terrorism advisory about the threat of "ideologically-motivated violent extremists" who objected to the Presidential transition, were "fueled by false narratives," who would "mobilize to incite or commit violence." Working with Human Rights First as a member of its technology advisory board, I have begun to track this very sort of extremist activity in the DNS. Portending the DHS alert, one day earlier on January 26, we detected the registration of whitepowerguns.com, whitepowerjustice.com, and whitepowertravel.com.
Phoney "White Power" Websites on (((GoDaddy)))
Free speech and unfettered criticism are what I contemplated in my suggestion last column of an alternative platform, run by hackers and defended by lawyers, that operates on a generic domain, with company-specific subdomains. And this is an effort we are still developing. But given the events of the last few months and seeing activity in the DNS like the domains above, I believe that more is needed: that vile and racist propaganda, proselytizing, and any steps taken towards extremist violence needs to be monitored, called out, and shut down.
By this, however, I do not mean to suggest that we need additional powers of government surveillance. The right to privacy, and our reasonable expectation thereof, has historically been eroded whenever new threats to the United States emerge. But the dangers to the right to privacy are particularly pronounced when the threat actors we seek to monitor are found within the United States rather than without. Misused and synonymous with untargeted, dragnet-type surveillance, it is worth remembering that the Foreign Intelligence Surveillance Act (FISA) was enacted in response to unfettered domestic surveillance, and was intended to interject judicial oversight and a warrant requirement to prevent domestic snooping on U.S. citizens. And while we may think it's amusing to see scores of insurrectionists rounded up and charged with various crimes on the basis of their location data, the Parler leaks, or videos idiotically uploaded to social media platforms documenting their crimes, we should remember that the targets of government surveillance in the 1960s and 1970s that led to FISA and judicial oversight of domestic surveillance were anti-war activists, including Martin Luther King, Jr., Muhammad Ali, and even our elected officials themselves.
Ironically, then, the round-up of these insurrectionists should give us pause. With geolocation data from all of our smartphones being bought and sold through dubious advertising ecosystems - and with the means to deanonymize that data becoming easier and easier - it has been relatively simple for the government to acquire that data through legal process, and to track and trace the actions of the rioters from the moment they left their homes to the second they entered the Capitol. Access to this type of information - both in terms of scale and intrusiveness - goes far beyond the type of domestic surveillance that was even conceivable in the 1970s. The mere availability of a data set that includes our movements is chilling and anathema to our First Amendment freedoms, and to our right to speak freely and to assemble with whom we please without fear.
For this reason, such data sets should be regulated, ideally by federal law and not a hodgepodge of state laws, from which new private rights should emerge, such as the right to be forgotten (a right that already exists in the EU) and the right to know specifically who has acquired one's data and when. We need regulation before it's too late to unwind or reset this data. The digital equivalent of Chamberlain's appeasement policy is what allowed homegrown extremism to fester and perilous misinformation to propagate. We do need more monitoring and surveillance of extremist activities, but I do not believe we need to again make the mistake of granting the government further investigatory powers that may chafe and erode our civil rights because, at root, what we need is not government surveillance but more community surveillance. This is the difference between a neighborhood watch and installing several new police stations in a community. Though there are isolated efforts to identify extremist activities, the eyes, ears, and heart of the hacker community have always been able to do more with less.
We are continuing to think this through, so stay tuned. These are reluctantly interesting times indeed, with more interesting times ahead.