Public Knowledge’s canned message Tweetbot completely takes over your twitter account. How is this any different than a botnet?
Many of you are familiar with Public Knowledge for their general hostility towards copyright and the rights of authors. In particular, they are currently opposing the CASE Act which would finally give artists a small claims alternative to federal court. Most independent artists do not have the $100,000+ it takes to pursue a case in federal court. The court is voluntary, both parties have to agree to use the small claims copyright court. No one is forced into this system. It’s good for the claimant and the party accused of infringement. By all measures, this is a simple commonsense solution. And an overwhelming bipartisan consensus agrees in congress agrees. The Case Act recently passed in the house 410-6. Stunning!
The bill now goes to the Senate for consideration. Of course, Public Knowledge (Google-funded) doesn’t want the CASE Act to pass. So they have attempted to mount a “cyberturf” campaign directed at Senators using some sketchy social media and phone bots. This tweet bot distributes canned messages that are factually incorrect. Hostile foreign governments need not mount disinformation campaigns against our democratic institutions as we’ve already got Google astroturfs on the job!
In particular, Public Knowledge is distributing a tool that combines a “tweetbot” and “patch through calling.” The tweetbot is easy to understand. The patch through calling requires a little digging to understand how it could be (is intended to be?) abused. It doesn’t really provide any extra convenience to an individual activist. Any activist can look up their Senator’s office on iPhone and click on the telephone number. Whereas, for instance, if you have a boiler room full of paid activists, a third party could easily direct a firehose of phone calls at a wavering Senator, and the calls would be untraceable, the Senatorial staff would not realize it was the same group of paid activists calling over and over. It is my strong suspicion this is the point of these “patch through” phone bots. This is not far-fetched as something similar seems to have played out last summer in the EU parliament.
So I spent the last few days playing around with the “tools” provided by Public Knowledge (and EFF tools). The Public Knowledge tools were the most interesting. Perhaps horrifying is a better description. I came to three extraordinary conclusions:
First. In order to use Public Knowledges tweetbot, you have give total control of your twitter account to Public Knowledge’s contracted agent a company called Phone2Action. The permissions literally let the Public Knowledge and Phone2Action do anything with your account. It is as if you have joined a botnet. (See screenshot at top of article)
Second. Public Knowledge Tweetbot allows you to customize your message to Senators (above). But it also will tweet their canned message back to your followers (Below) WTF? This has got to be illegal. It’s forcing me to make speech that I would never make. It’s an unauthorized appropriation of my pubic persona to involuntarily endorse something I don’t want to endorse. What else is this bot doing in my name?
Third. After observing the tweetbot in action for a while, I went to revoke the Twitter permissions I had granted to Public Knowledge (Phone2Action). I noticed something unusual. Under twitter’s “apps and permissions” I saw an iPhone I did not recognize using my twitter account. See screenshot below.
Twitter was identifying this phone as being in Cedar Rapids IA. This seemed very strange. It was not my iPhone. Was not on airport Wifi and my phone IP address indicated my true location. (Not Cedar Rapids). I was not using a VPN. Bizarre. I logged this iPhone out of my twitter account as well as every other device using omy twitter account.* In the confusion, I forgot to disable the PublicKnowlege/Phone2Action permissions.
About an hour later I remembered I hadn’t revoked permissions. I checked my account and I saw that there were two new Ipads logged into my twitter account. WTF? One reported its location as Scaggsville MD, which is just outside the beltway in Maryland. I was hundreds of miles from that location. I have since disabled the permissions I gave to Public Knowledge/Phone2Action.
There have since been no unusual logins on my twitter account. I have no idea if this tweetbot had anything to do with these mysterious logins. But I have never seen anything like it before. On this third issue, I’m not placing the blame on Public Knowledge. But I’m having a hard time coming up with an explanation here.
*21 twitter sessions? Yes, I have a lot of computers. And many of them are running programs that monitor twitter and other social media for certain patterns and keywords. It’s part of other research I hope to publish one day.