Notices by Cory Doctorow (pluralistic@mamot.fr)

Indeed, if the action ever comes, it will be *because* of this reporting. You can't solve a problem until you know it exists.

A truism of the free/open source world is that "with enough eyeballs, all bugs are shallow." That is, with enough scrutiny, a solution will emerge.

9/

That idea came under enormous strain with 2014's Heartbleed Bug. It turned out that a widely used free/open piece of web-server infrastructure had a longstanding bug, just hanging out there in plain sight. The code was there for anyone to scrutinize, but no one had looked hard enough to find it.

https://heartbleed.com/

10/

That was a wakeup call for the community. It wasn't enough to publish sourcecode for important infrastructure. We had to build and fund *systems* that would audit that code. Having the code where anyone could see it would make their job easier, but the job wouldn't do itself.

We got lucky with Heartbleed. The good guys found it before it was ever exploited in the wild, and they coordinated a massive, global upgrade that patched the majority of webservers before the bug was disclosed.

11/

But we didn't get so lucky the next time. When the Log4j bug was discovered last November, it was already too late. We'd hit snooze on Heartbleed's wakeup call and holy shit had we ever overslept:

https://en.wikipedia.org/wiki/Log4Shell

Competent, serious people are worried about the vulnerabilities presented by the software that underpins our digital world, but none of them argue that the problem with that software is that it's available for inspection.

12/

The problem is that we don't inspect or act on it in a systemic, coordinated way. We don't take it seriously.

We should take it seriously.

The problem isn't that we know about these deep and worrying flaws. The problem is that we're not doing anything about them. Knowing these specifics - whether it's Log4j or SuisseSecrets - is the necessary, but insufficient condition for change.

These leaks are claim-checks on the people who sold us out. Someday, we'll collect on them.

13/

Despite Swiss officials' claims to have ended banking secrecy, the country is still a rogue state, a criminal haven. It's not only failing to end money-laundering, it's encouraging it: Switzerland is *broadening* its banking secrecy law to allow it to punish whistleblowers who reveal the nation's role in global finance crime:

https://www.reuters.com/article/us-swiss-banking-secrecy-exclusive/exclusive-swiss-prosecutors-seek-widening-of-secrecy-law-to-bankers-abroad-idUSKBN1D01CI

6/

To my friend's point, we kind of knew all of this. The leaks - SwissLeaks, LuxLeaks, IRS Files, Panama Papers, Paradise Papers, Pandora Papers - keep revealing that the marble facades of the world's greatest banks are holding back oceans of blood and misery:

https://pluralistic.net/2021/10/04/avoidance-is-evasion/#transparency

We haven't done anything about it.

Yet.

500 new billionaires were minted in 2020. Then it got worse. There's a new billionaire being minted every *17 hours*:

https://www.dw.com/en/forbes-a-new-billionaire-every-17-hours/a-57135443

7/

Behind every great fortune is a great crime:

https://quoteinvestigator.com/2013/09/09/fortune-crime/

It's a nightmare and it shows no sign of ending.

Knowing about it isn't enough. But knowing about it is *a start*.

The knowledge we've gained from the reporting on these leaks - reporting at great expense and risk, which has resulted in a journalist's assassination - isn't the reason for the inaction.

8/

Also mafiosi, killers, human traffickers, embezzlers, fraudsters, corrupters and worse. The facts laid out in the Guardian story (and stories in partner outlets like *Süddeutsche Zeitung*), there is no question that Credit Suisse knew whose money they were handling, and knew just how dirty it was.

What's more, the reporting makes it abundantly clear that Swiss banking secrecy is designed and maintained for the express purpose of laundering this blood money.

5/

The friend who emailed me about this wrote, "After so many of these, I am accepting that these leaks don't matter, and that those in power don't actually want to fix the system. Sunlight isn't doing any disinfecting at all."

He's not wrong, but that's not the whole story.

The problem isn't the *transparency*, it's the *inaction*.

3/

As Jeffrey Neiman - lawyer for the Credit Suisse whistleblowers - told the *Guardian*, "How many rogue bankers do you need to have before you start having a rogue bank?" I'd add, given that this rot extends beyond Credit Suisse to UBS and undoubtably further, "How many rogue bankes do you need to have before you start having a rogue banking system?"

2/

They money laundering revealed in Suisse Secrets abetted the worst criminals on Earth, like Nigerian dictator Sani Abacha, who looted $5b from his people and laundered hundreds of millions (or more) through Credit Suisse. Abacha is in good company - CS also laundered for the Marcoses and their bagman, and other looters from Syria to Madagascar.

4/

Look, there's been *another* massive banking leak, this one from Credit Suisse, showing complicity in laundering money for the world's greatest monsters: human traffickers, despots, criminals. They're calling it Suisse Secrets.

https://www.theguardian.com/news/2022/feb/20/credit-suisse-secrets-leak-unmasks-criminals-fraudsters-corrupt-politicians

They had to call it that, because Swiss Leaks was already taken, for the 2015 UBS leaks that revealed UBS's complicity in the same fucking thing.

1/

Today is the second anniversary of the founding of Pluralistic, my multiplatform, non-metrics-driven, solo blog, founded in some haste after my unplanned (but overdue and amicable) departure from Boing Boing.

For two years, I've been putting out a new edition nearly every day (550 posts, or 75%). Each edition has one or more posts, and many of the editions have consisted of one or two long essays.

1/

In some ways, Pluralistic's long form essays are the dividends for the 20+ years I've been a daily blogger. All those short pieces I've written over the preceding decades are available for me to search and reference in longer, synthetic pieces. The database isn't solely digital: every time I blog something, the act of writing it up for strangers helps me remember it and bring it to mind later. I call it "The Memex Method."

https://doctorow.medium.com/the-memex-method-238c71f2fb46

2/

I also run a daily "This Day in History" feature in which I revisit my blogging from one year, five years, ten years, fifteen years and twenty years ago. This is an invaluable tool for understanding the evolution of my own thinking and the long-run changes in the causes I care about:

https://pluralistic.net/2022/02/18/broken-records/#retro

The "pluralistic" in my Pluralistic strategy is twofold. First, I practice "POSSE" (Post Own Site, Share Everywhere).

3/

That is, while my posts appear as threads on Twitter and Mastodon, and as articles on Medium and Tumblr, the permalinks for each post live on my own site, which I control.

That is a *lot* of work, because the platforms firmly resist it. Platforms want to enclose our work. They don't want to be our distributors, they want to be our publishers, with the power to control our audience's access to us, and our access to our audience.

4/

When I started Pluralistic, I did all the cross-posting by hand. It was an *absurdly* complex process, and I made gross errors every day. Thankfully, a reader named Loren Kohnfelder volunteered to make me some Python scripts that automate vast swathes of that work away:

https://pluralistic.net/2021/01/13/two-decades/#hfbd

(Loren is a cryptography pioneer:

https://en.wikipedia.org/wiki/Loren_Kohnfelder

and he's just published an outstanding book "Designing Secure Software: A Guide for Developers")

https://www.penguinrandomhouse.com/books/696989/designing-secure-software-by-loren-kohnfelder/

5/

Without Loren's scripts, I wouldn't have been able to keep up the pace. Automation's benefits can't be overstated. I also benefited greatly from Mitch Wagner's suggestion of chirr.app, a Twitter thread-composition tool. It's pretty janky, to be honest, but *so much better* than Twitter's own threading tools.

6/

I've plowed the extra time that automation bought me into making Pluralistic better. I added another distribution channel (Medium), and I upped my illustration game, practicing diligently with The Gimp to turn public domain and CC sources into images. I'm especially proud of this "Luddite" illo:

https://pluralistic.net/2022/01/04/general-ludd/#loomsmashers

7/