J U N E 2021
| SEE YOU IN COURT
It created the internet. It’s ruining the internet. It protects free speech. It threatens democracy. It must be preserved. It should be repealed. Everything You’ve Heard About Section 230 Is Wrong BY GILAD EDELMAN
The Okta Identity Cloud. Protecting people everywhere.
© 2021 Okta, Inc. and its affiliates. All rights reserved.
Modern identity. For one patient or one billion.
FEATURES
P.60
WIRED 29.06
NO ONE COULD DENY TIMOTHY WAS SICK
He was a sweet-natured 10-year-old one day and a disturbed, obsessive stranger the next. But when doctors can’t agree on the cause of the illness, what happens to the patient? by Seema Yasmin
P.32 SACRED COMMANDMENT/ FALSE IDOL The true story of Section 230 of the Communications Decency Act. by Gilad Edelman
P.48 SOFT-SERVE HARDBALL How one couple built a device to fix the notoriously broken McDonald’s ice cream machines— and how the fast-food giant froze them out. by Andy Greenberg
P.70 EXPOSED A family-run psychotherapy startup grew into a health care giant. Then a hacker started posting patients’ most intimate secrets on the internet. What happened at Vastaamo? by William Ralston
P.80 A GIGANTICAL TALE OF LAFFERVESCENT GENIUS Nobody has heard of the sci-fi writer R. A. Lafferty—except for all of your favorite sci-fi writers. by Jason Kehe 0
0
3
CONTENTS
ELECTRIC WORD
P.6
WIRED 29.06
MIND GRENADES
Rants & Raves
ON THE COVER
P.8
Physicists, Poets, and Hints of Immortality by Virginia Heffernan
P.14 Where’s My Jetpack Insurance? by Paul Ford
P.18 How to Escape Surveillance Capitalism by Clive Thompson
P.22 Autonomous Bots Get a Helping (Human) Hand by Will Knight
P.24 Coder Dee Tuck Wants to Fix Hollywood’s Diversity Problem by Angela Watercutter Section 230 of the Communications Decency Act has shaped the internet so profoundly that some people practically put their hand over their heart when it’s dis-
P.26 Facebook’s Wrist Wearable Taps Into a New Level of Personal Data by Lauren Goode
P.28 Cloud Support: Can a Robot Cop
cussed. The wired art department
Be the Boss of Me?
chose this cover design because
by Meghan O’Gieblyn
sacred symbols are made to be reconsidered.
SIX-WORD SCI-FI
P.88 Very Short Stories by WIRED readers 0
0
4
MEET THE #1 RETINOL BRAND USED MOST BY DERMS PURE RETINOL
DERM-PROVEN RETINOL. IN THE LAB. AND IN REAL LIFE.
1 WEEK
Smooths the look of fine lines.
LUXURIOUS TEXTURE
4 WEEKS
Reduces the look of deep wrinkles.
#1 dermatologist recommended brand
©J&JCI 2021
ELECTRIC WORD
WIRED 29.06
RANTS AND RAVES In the May issue, Lauren Goode wrote about how social platforms wouldn’t let her forget the wedding she’d called off. On wired .com and in this issue (page 70), Seema Yasmin recounts a couple’s quest to identify their son’s rare disease, even as doctors dismissed their hunches. Also on wired .com, Jesse Jarnow dug into new AI software that remixes and upgrades, or “upmixes,” vintage music.
↙ Readers share their painful memories, medical mysteries, and musical dreams:
RE: “ALWAYS A BRIDE”
Over the weekend, my phone pushed an “on this day in 2020” photo of me in my New York apartment, drinking a beer, waiting for a video call with friends to start. I felt so ambushed and overwhelmed I thought I might cry. This piece explores so much more than why tech companies won’t quit sending you unrequested digital memories, but that part alone was comforting enough to reassure me I’m not losing my mind. —Gyan Yankovich (@GyanYankovich), via Twitter This story really captures the nuance of our digital memories and the unintended side effects of algorithms that resurface them without understanding that a contextual shift has occurred. Thanks for writing it in such a personal way. —David O’Brien (@d_obrien), via Twitter I’ve now a constant reminder from many services of who I was pre-transition. I don’t hate that past, but I also don’t want to be
RE: “ALWAYS A BRIDE”
Technology makes healing from old wounds incredibly difficult. And it’s really hard to opt out. —@ameliaboone, via Twitter
0
0
6
reminded of it, especially not by surprise. —Erin “Folletto” Casali (@Folletto), via Twitter We are just beginning to see the effects of our digital histories. I’d bet that in only a decade or so our phones will be able to record every reallife conversation and combine that with location data, so they will be able to record a second-by-second diary of our lives that we can flip back through. I don’t know if that’s horrifying or something that I would love. (“No, actually you said orcas weren’t dolphins! Phone, recall conversations with Sarah from April 16, 2031.”) —Vicefox, via Reddit RE: “NO ONE COULD DENY THAT TIMOTHY WAS SICK.”
I’m the mother of an 11-yearold daughter with PANS. We went from having a funny, whipsmart, and loving little girl to, overnight, having an obsessive, paranoid, sleepless, and eventually extremely aggressive child. Almost four years later, we found a pediatric immunologist who recognized her as a PANS kid and treated her. Within two weeks, she was a different child. A child who for three years wouldn’t allow me out of her sight went to sleep-away camp for a week and loved every minute of it. But my daughter can’t get her childhood back. Since there is no cure, I have yet to know a happy ending, just occasional glimpses of the child I know until the next flare-up. —Anonymous, via mail@wired .com This article was uplifting and frustrating. I am thrilled that Timothy and others have medical advocates working to
resolve the reasons behind their afflictions. But at the same time, I agree with Timothy’s observation that some doctors “are clueless.” With all their education and acumen, doctors are not gods. —Rudy Schneider, via mail@ wired .com To read this story, turn to page 70. RE: “HOW AUDIO PROS ‘UPMIX’ VINTAGE TRACKS AND GIVE THEM NEW LIFE”
This article struck a chord with me. I grew up in a house without television. Records and reel-to-reel tapes, played on a Heathkit system built by my older brothers, kept me in tune with the world. —Rick, via mail@wired .com This is the first big step toward my old dream of altering old music. The catch is that, mechanically, a lot of songs have stems that bleed into each other. AI that isolates vocals will often miss some echoes or overdubbed stuff, or accidentally catch anything that sounds like a vocalization, whereas our brains (for the most part) can pick out any sound that’s obviously a human voice. Or guitar. Or synthesizer. Or drum. So we’ve still got a long way to go, but no journey starts at the end. —Yuli-Ban, via Reddit
GET MORE WIRED All wired stories can be found online, but only subscribers get unlimited access. If you are already a print subscriber, you can authenticate your account at wired .com/register.
POW ER E D BY N AT UR E C RA F T ED FOR YOU
T I S S OT WATC H E S . C O M TISSOT, INNOVATORS BY TRADITION
BY VIRGINIA HEFFERNAN
MIND GRENADES
ALL PEOPLE WANT to enact a paradigm shift,
To model the universe as precisely as possible is to try to see the one thing that even the strictest atheist agrees is immortal.
ILLUSTRATIONS / KATE DEHLER
don’t they? Even if it’s not mRNA, or Lego, we want at least, on our one chance on Earth, to make a meme happen. So imagine the excitement on April 7, when more than 200 physicists from seven countries convened on a Zoom call for a kind of nonexplosive gender-reveal party. What was to be disclosed was not a baby’s sex but the fate of particle physics. While the rest of the world has spent more than a year preoccupied with epidemiology, this team of physicists has
0
0
9
0
1
0
IDEAS
spent three years collecting data for something called the Muon g-2 experiment, a much anticipated project headquartered at Fermilab, a physics and accelerator laboratory in Batavia, Illinois, that is overseen by the Department of Energy. The physicists had done their work half in the dark, with a key variable concealed. If you want a eureka badly enough, after all, you might be tempted to help the data along. Now the lights were coming on. “We had no idea” of the outcome, Rebecca Chislett, a physicist at University College London, told Scientific American. “It was exciting and nerve-racking.” Eureka. The experiment had aimed to determine, to the finest measurement, the strength of the internal magnetic field generated by a muon, a particle similar to an electron but 200 times more massive and supremely unstable, with a lifetime of 2.2 microseconds. Muons rain down on us all the time, the indirect product of cosmic rays colliding with particles in Earth’s atmosphere. But Fermilab’s accelerator makes its own. Many subatomic particles act like magnets, and the so-called Standard Model predicts the strength of their magnetism with great exactitude. To test the model, the team watched muons as they wobbled in a magnetic field and clocked whether the wobble deviated from what theory had predicted it would be. Indeed, it did. As Galileo might have said: Eppur si deviare. In the journal Physical Review Letters, the researchers reported that the infinitesimal deviation—0.0000002 percent away from what theory stipulated—was highly significant. In its press release, Fermilab even suggested that the discovery could force us to revise our basic model of how subatomic particles work. “The strong evidence that muons deviate from the Standard Model calculation might hint at exciting new physics. Muons act as a window into the subatomic world and could be interacting with yet undiscovered particles or forces,” read the press release. Graziano Venanzoni, a physicist at the Italian National Institute for Nuclear Physics in Pisa, called the findings “an incredible result … long awaited not only
MIND GRENADES
Wordsworth’s poem doesn’t just concern the fate of humans and the blue planet. Its subject is also intimations—what the physicists on the Muon g-2 project call “hints.”
by us but by the whole international physics community.” The known universe seemed, briefly, muonstruck. But it took only 12 days for another Italian physicist to throw cold water on the bliss. Carlo Rovelli, a founder of loop quantum gravity theory, which seeks to combine quantum mechanics and general relativity, and the author of Helgoland: Making Sense of the Quantum Revolution, which was published in English in May, wrote in The Guardian, “Physicists love to think of themselves as radical.” This self-conception, Rovelli went on, is understandable, especially among physicists, who make their names in the outer reaches of human understanding. But it also leads labs to overhype their findings. He cited examples of would-be “discoveries” in supersymmetry that initially seemed groundbreaking but didn’t live up to the hype. Rovelli especially zeroed in on the word “hint,” which appeared in that Fermilab press release. “I do not remember a time without some colleague talking about ‘hints’ that new supersymmetric particles had been ‘nearly discovered.’” The nearlys and hints, presumably, are often at a value that, unlike Fermilab’s 0.0000002 percent, may not be statistically significant. In 1807, William Wordsworth published an ode that was to Romantic poetry as the discovery of quarks was to particle physics in 1964: a breakthrough. “Intimations of Immortality from Recollections of Early Childhood” chronicles the poet’s emotional detachment from nature; his blissful rediscovery of it in memories of childhood; and his bittersweet resolution that, though the Earth will die, the suggestions of deathlessness in the present moment will sustain him in his grief.
Though nothing can bring back the hour Of splendour in the grass, of glory in the flower; We will grieve not, rather find Strength in what remains behind; In the primal sympathy Which having been must ever be; In the soothing thoughts that spring Out of human suffering; In the faith that looks through death …
NEW ROUTES TO ANYWHERE IN AMERICA DISCOVER RELIABLE SHIPPING TO EVERY ADDRESS IN THE COUNTRY
Business is changing and the United States Postal Service is changing with it, so you can reach your customers at the speed of now. Find out more at usps.com/newroutes.
Scheduled delivery date and time depend on origin, destination and Post Office™ acceptance time. Some restrictions apply. For additional information, visit the Postage Calculator at http://postcalc.usps.com.
1
2
IDEAS
MIND GRENADES
An intriguing approach to literature called ecocriticism, pioneered in the 1990s by the English philosopher Jonathan Bate, argues that Romantic poetry like this ode can suggest ways to conceive of our dying planet as one that we must save—or perhaps, in sorrow, and maybe love, allow to die. But Wordsworth’s poem doesn’t just concern the fate of humans and the blue planet. Its subject is also intimations—what the physicists on the Muon g-2 project call “hints.” As it happens, they are hints of the same thing: immortality. The central contention of physics has it that the building blocks of the universe will endure even if, or even when, the humans who tally them, and the planet we live on, all die. To see into the deathless universe is to try to see nothing so flamboyant as Wordsworth’s favorite daffodils and walnut groves, but to peer into the coldest spaces, the black holes and the fractional electric charge of theoretical subatomic particles. These entities have no blood flow, of course, but also no DNA; they’re not susceptible to pandemics, however virulent, or the divi-
dends and ravages of carbon. They don’t live, so they don’t die. To model the universe as precisely as possible is to try to see the one thing that even the strictest atheist agrees is everlasting—to try to achieve, in a lab, an intimation of immortality. Back to the living world that’s under our feet. Rovelli is right to caution against the potential delusions of those who are greedy for eurekas. But, as a fellow physicist with a radical streak, he is also sympathetic to their ambitions, a drive to “learn something unexpected about the fundamental laws of nature.” To Rovelli, whose latest book describes quantum mechanics as an almost psychedelic experience, a truly radical discovery entails the observation of phenomena
CHARTGEIST
by Jon J. Eilenberg
Flying Objects
Charmin BRB bathroom-break AI-powered Zoom bot
NFTs
Apple Airtags
Facebook Live Audio Rooms Copycatness
Scientific Importance
Practical Utility
Tech Releases
Aerosolized SARSCoV-2
can one achieve the kind of immortality that scientists get, the glory of someone like Einstein or Heisenberg. But to keep looking, as Rovelli has, as Fermilab has with this study on the muon’s magnetism, is also to apprehend hints. To follow hints. In that way, the physicist’s work and the poet’s are the same. And if Wordsworth is right, immortality can be found, of all places, in the hint—the staggering proposition by nature itself that, in spite of all the dying around us, something of all we love might be imperishable, might still flicker or shine or wobble when the rest of our world is gone. VIRGINIA HEFFERNAN (@page88) is a
regular contributor to wired .
Netflix Play Something Opt-in only
Mars Ingenuity helicopter
Delta 3606 LAX → ABQ Wow! Factor
User-Friendliness
0
Immediately starts playing what Netflix thinks you’ll want to watch
Immediately starts playing what Netflix thinks you’ll want to watch
Eliminates “decision fatigue”
Problem Solving
BY PAUL FORD
IDEAS
0
1
4
We tend to predict the future through our own narrow lens— and we’re always wrong. True vision lies in seeing connections.
is a 500-page anthology from 1980, assembled by the same people who gave us The People’s Almanac. It’s a simple conceit: They asked various experts and sci-fi types (with the occasional psychic or spoon-bender) to imagine the next 50 years. I bought the book years ago, left it on the shelf at the office, and never read it. If anything was predicted, it was this pandemic. And yet somehow we didn’t believe it was happening. Many still don’t. I found myself thinking often in the past year about predictions, long- and short-term, and reading up on predictive frameworks and forecasting methods (i.e., browsing Wikipedia). My mind kept wandering back to this volume THE BOOK OF PREDICTIONS
ILLUSTRATIONS / ELENA LACEY
with its bright-yellow slipcover, one forbidden commute away. I could have ordered another copy, but you should have limits. So two weeks after my second shot, in I went on the express bus to the frozen-intime office, where a jacket still hung over the back of a chair, and hair gel and dress shoes sat under my desk, as if we’d fled a war. I puttered around the office alone, the last man on Earth, and when the workday was done I grabbed the book and started to read. Here is my review: All of the predictions are wrong. Every now and then someone writes something like “By 2000 you’ll be able to listen to any album in a record store through a data service,” and you can
squint and see Spotify. Or someone else describes wrist phones. My favorite was Erskine Caldwell, known as the author of tragic-but-comic sex satires like Tobacco Road, who perfectly predicted Bitcoin, except he expected it for 1990. No, really. He wrote: “A different kind of money will be in circulation. Not gold and not paper. It will be a computer type of exchange of credits and debits.” This is the firmest evidence produced so far that Erskine Caldwell, author of God’s Little Acre, who died in 1987, is Satoshi Nakamoto. Caldwell also said that the capital of the US would move to Minneapolis in 1999, including the “spies, and call girls.”
Socially Responsible ®
is a way
1
2
1-"Corporate Sustainability: First Evidence on Materiality,” Harvard Business School, 2015, https://dash.harvard.edu 2-Advisory services are offered for a fee by PCAC, a wholly owned subsidiary of Personal Capital Corporation, an Empower company. Personal Capital Advisors Corporation (“PCAC”) is a registered investment adviser with the Securities and Exchange Commission (“SEC”). SEC registration does not imply a certain level of skill or training. Investing involves risk. Past performance is not a guarantee nor indicative of future returns. The value of your investment will fluctuate, and you may lose money. All charts, figures, and graphs are for illustrative purposes only and do not represent an actual client experience. Featured individuals are actors and not clients of PCAC. Personal Capital Corporation is a wholly owned subsidiary of Empower Holdings, LLC. © 2021 Personal Capital Corporation, an Empower Company. All rights reserved.
0
1
6
MIND GRENADES
Retcon the concept of Twitch to 1980 and it comes out like, “A new cable TV station will launch that shows live video of people playing Space Invaders at arcades, and Sears will buy it for $370 million.”
29.06
When you aggregate hundreds of predictions, the result is a special, concentrated kind of wrong. Everyone was trying their best, and everyone missed. And these 40-year-old predictions don’t seem wrong in the fun, steampunk way that, say, late Victorian predictions of personal blimps or hotair-ballooning robots might seem wrong. They’re just saggy middle-aged predictions. In 1980, nuclear war was right next door and space was salvation. Many people in this book believed that the next 50 years would give us people on Mars, and millions more in orbit. The mistake was assuming that the rate of progress would keep accelerating until we left the planet. Consider: The Soviet Union shoots a tin can into orbit with Sputnik. Twelve years later, in 1969, the USA sends another tin can to the moon—and, more impressively, sends it back without murdering its contents. That is a very rapid rate of change. It’s also roughly the same amount of time that Microsoft took to go from Windows 95 to Windows Vista Service Pack 1. Each correspondent in this volume has their own personal definition of progress, and they are pessimistic or optimistic in direct correlation to that definition. The Catholic priest predicts the return of traditional sexual mores; the sci-fi writer has us renting asteroids; the CIA guy says the Soviets will rule the world; the dentist predicts increased use of dental lasers. I started to see each prediction as a little work of literature, almost painfully revealing. To ask someone to predict is invariably to ask them to prioritize, and then fantasize. Sportswriter Martin Abramson predicted that by 2030 a 3,000-pound fish would be caught in Alaska with a rod. Here was a man who, when asked to paint a portrait of the future a half-century away, imagined a very large and wonderful fish. We talk about “progress” like it’s a vast, shared contract between our era and future generations, signed in hopeful ink. But progress is individual, personal, and in the eye of the beholder. People could imagine a future for their disciplines, a future with wars, a future on Mars, or a future with laser dentistry. What no one could see was the potential of all the layers of infrastructure coming into being right around them. Think of Twitch,
the video game streaming platform. How could you have predicted Twitch 40 years ago? It’s a child with so many parents: It required alchemy between the internet, the AAA video game industry, specialized 3D computer chips, low-cost camera equipment, and a thousand other ancillary industry-scale things that seem obvious in hindsight. You’d need to predict all of those things to predict Twitch. Of course, it also required Amazon to buy it and host it and build it ever larger, so now you need to predict Amazon too. Try to go in the other direction and retcon the concept of Twitch to 1980: It comes out like, “A new cable TV station will launch that shows live video of people playing Space Invaders at arcades, and Sears will buy it for $370 million.” (Frankly, I’d watch it.) Imagining jetpacks is the easy part; imagining the multitrillion-dollar personal-jet refueling industry is less exciting; imagining the liability and insurance products required to deal with malfunctioning-jetpack lawsuits is harder still. And where will they park? The future is messy. There are still lawyers. It’s no surprise that billionaires like Jeff Bezos (and Elon Musk too) keep funding space exploration. It’s a way to pick up where the world left off, take the old future out for a spin, and force the old predictions into coming true. The best way to predict the future is to spend billions of dollars reinventing it. What, then, for mortals? What I took away from The Book of Predictions, 40 years later, is to watch for the curious and interesting intersections between very large things. Look for points of contact or points of conflict. Pick two enormous forces and wonder how they connect. Climate and transit. Software-asa-service and protest movements. Pandemics and entertainment. You can’t predict the future. You can only better understand the layers and let your mind wander over them until you find a connection worth making and a new thing worth building, even if you’re the only one who sees it. You can give it a name and believe in it, and try to make it come true. That’s progress. PAUL FORD (@ftrain) is a programmer,
essayist, and cofounder of Postlight, a digital product studio.
THE NEW SLEEP NUMBER 360 SMART BED ®
Get almost 100 hours more proven quality sleep per year.* Discover the first bed in the world designed to help you fall asleep faster and proven to provide more restful sleep. Enjoy your own personal microclimate as it gently balances surface temperature to keep you both blissfully asleep. Because proven quality sleep is life-changing sleep.
Temperature balancing
SleepIQ Score ®
Smart 3D fabric is up to 50% more breathable for a cooler sleep surface†
Adjustable comfort on each side
Automatically responds to you
Personalized insights for even better sleep
15-Year Limited Warranty ‡
100-Night Trial§
REQUEST SPECIAL OFFERS | 1-877-316-3922 | sleepnumber.com/wired
Upholstered furniture and adjustable base available at additional cost. Prices higher in AK and HI. *Based on internal analysis of sleep sessions assessing sleepers who use multiple features of Sleep Number products. Claim based on sleepers achieving over 15 more minutes of restful sleep per sleep session. †Compared to ordinary mattresses, based on independent tests performed by the CSIRO. Available on select models. ‡Limited warranty available at sleepnumber.com. §Restrictions and exclusions apply. Does not apply to adjustable bases, upholstered furniture, closeout/clearance or demo/floor model purchases or mattresses already exchanged under another In-Home Trial period. You pay return shipping. Refunds will be made to the original method of payment less original shipping/delivery fees. Visit sleepnumber.com for complete details. SLEEP NUMBER, SLEEPIQ, SLEEP NUMBER 360, the Double Arrow Design, and SELECT COMFORT are registered trademarks of Sleep Number Corporation. ©2021 Sleep Number Corporation
BY CLIVE THOMPSON
IDEAS
29.06
ILLUSTRATION / YANN BASTARD
MIND GRENADES
0
1
9
Subscribers get unlimited access to all WIRED stories online. To authenticate your subscription, go to WIRED.com/register. Not a subscriber but want to get the best daily news and analysis of the biggest stories in tech? Subscribe at WIRED.com/subscribe.
Christie Hemm Klok
Get More A.I. Get More Robots Get More Ideas Get More Rockets Get More Crispr Get More Blockchain Get More Informed Get More at WIRED.com
WHAT THE BEAUTY EXPERTS WANT NOW
All members will receive Donginbi Single Essence, Espa Clarifying Mask (full size), and Laruce 3-Piece Brush Set (full set); either Oribe Flash Form Finishing Wax Spray or Moroccanoil Treatment Oil; either Lapcos Tea Tree Mask, Erno Laszlo Multi-Task Eye Serum Mask, or When Sheet Mask Glamour Base; either Skin & Co Truffle Therapy Whipped Cleansing Cream or Saturday Skin Rub-A-Dub Refining Peel Gel (both full size). Assortment based on member history. Members never receive the same product twice. New members will receive MAC Magic Extension Mascara and Natasha Denona Eye Shadow Single. On sale June 1-30, 2021. All while supplies last. *Includes retail value of new member gift.
BY WILL KNIGHT
BUSINESS
Remote Control As robots take on more challenging work, a growing industry is giving them a helping (human) hand.
DAVID TEJEDA HELPS deliver food and drinks
to tables at a small restaurant in Dallas. And another in Sonoma County, California. Sometimes he lends a hand at a restaurant in Los Angeles too. All at the same time. He does this work from his home in Belmont, California, by tracking the movements and vital signs of robots that roam each establishment, bringing entrées from kitchen to table and shuttling dirty dishes back. Once in a while he needs to help a lost robot reorient itself. “Sometimes it’s human error, someone moving the robot or something,” Tejeda says. In that case, he looks through the bot’s camera to find a landmark, like a certain piece
of art on the wall, to get his own bearings, enabling him to maneuver the machine to the right spot. Tejeda is part of a small but growing shadow workforce. Robots are taking on all sorts of blue-collar work, from driving forklifts and toting freshly picked grapes to stocking shelves and, yes, waiting tables. Yet behind many of these droids are humans who help them perform difficult tasks or take over when they get confused. Like Tejeda, these bot valets work from bedrooms, couches, and kitchen tables, remote laborers who reach into the physical world. The need for this kind of human help high-
29.06
lights the limits of artificial intelligence and suggests that people may serve as crucial cogs of automation for quite some time. “The more automation you inject into a scenario, the more, at least for now, you need those humans there to handle all the exceptions and just watch and supervise,” says Matt Beane, an assistant professor at UC Santa Barbara who studies robotic automation of manual work. Despite impressive progress in recent years, figuring out how to navigate environments that change, and change often, is still an unsolved problem in AI and robotics. Human operators have been helping robotic systems in hospitals for more than a decade. A few years ago, as robots started being used in more workplaces—hotels, restaurants, supermarkets—it seemed as if human aides might be just a stopgap, helping until AI improves enough for the machines to go it alone. Now, Beane says, it seems that a living, breathing workforce will continue to grow. “They’re cleaning up after the robot,” he says. “They are the human glue that allows that system to function at ‘99.96 percent reliability,’ according to reports given to some VP of automation somewhere.” Beane says the smartest companies will use input from human operators to improve the algorithms that control their robots. Each time a person labels an object in an image—a chair, for example—it can help train the machine-learning algorithm that the bot uses to navigate. But training AI this way requires vast amounts of carefully labeled data to be effective, and there seems to be no shortage of new tasks for people to do. Beane has yet to come across a company that has successfully replaced human operators by having them train an AI. Tejeda works for a company called Bear Robotics. Its cofounder and chief operating officer, Juan Higueros, says the company is ramping up production to meet growing demand and plans to hire dozens more human helpers. “This is going to become a very important aspect of how robotics companies will have to operate,” Higueros says, adding that Bear has had no trouble finding people willing to do the work. Another sign that robot wrangling is taking off is the rise of startups focused on the problem. Jeff Linnell, who worked on robotILLUSTRATION / SEAN DONG
MIND GRENADES
0
2
3
ics at Google, left to found a company called Formant in 2017, when he realized that more remote supervision would be needed. “There are all sorts of applications where a robot can do 95 percent of the mission, and a person can pick up that slack,” he says. “That’s our thesis.” Formant’s software combines tools for handling fleets of robots with others for setting up teams of remote operators. “The only way you get to an economy of scale over the next decade is to have a human behind it, managing a fleet,” he says. Even network providers are looking to capitalize on the trend. At its Newlab “innovation center” in New York, Verizon is helping startups test robots using 5G wireless technology. With faster speeds and lower latency, 5G will allow robotics companies to run more powerful AI software in the cloud instead of on their robots, potentially making them smarter and more reliable. In February, Verizon acquired a startup called Incubed IT, which makes software for managing and controlling robots. Some of the technology used to operate robots from afar comes from the world of self-driving cars, which often need some form of human assistance when a vehicle gets confused and grinds to a halt. The company Phantom Auto makes software that helps remote workers control autonomous cars, delivery robots, and forklifts. According to the startup’s cofounder and chief business officer, Elliot Katz, companies have been drawn to remote operation because it removes humans from dangerous situations, provides access to new pools of workers, and boosts the ability to scale capacity up and down. The pandemic has accelerated all that, he adds: “Our customers are focused on, how do we drastically reduce the number of workers in our facilities?” Katz deflects the obvious problem this raises by suggesting that those who have recently become unemployed may find remote robot work an attractive option. “You have so many people, mainly due to the pandemic, that are home, unemployed,” he says. “We can train people who are willing to do this job.” Help wanted: outboard brain for robots. Senior writer WILL KNIGHT (@willknight) covers artificial intelligence for wired .
BY ANGELA WATERCUTTER
CULTURE
29.06
Hire Calling At Ava DuVernay’s Array film collective, coder Dee Tuck is on a mission to help Hollywood find a diverse workforce.
DEE TUCK HAS heard all the excuses. “I want
to hire more women, but I just don’t know where they are.” Yep. “I want to hire more people of color, I just don’t know anybody.” That too. She’s been working in tech for more than a decade and has often been the only Black female engineer on her team. She has reviewed company hiring practices and pointed out that “maybe you’re weeding out a lot of people who can’t code with eight nonpeopleofcolor watching them on Zoom.” Tuck doesn’t want to hear the excuses anymore. Last November she was tapped to be chief technology officer at Array, the film collective founded by director Ava DuVernay. Her main objective: launch ing Array Crew, a database of women and people of color that studios can use when staffing up for movies and TV shows. The goal is to see if the industry will diversify its ranks when the “We can’t find any body” barrier is removed. “When we really diagnosed the issue, it wasn’t that people weren’t willing to do it, it was that people weren’t willing to be inconvenienced to do it,” DuVernay says. “So what we tried to do is create a platform that made it really easy. And so now we’re in a space where, to be frank, if you still don’t do it, you never really wanted to.” Hollywood has been in the midst of a yearslong reckoning with its overabun dance of white male directors and stars. But less noticed is how few women and people of color appear in what are known as belowtheline jobs—the ones on the bottom half of the production budget. For decades, the industry has relied on people hiring the folks they already know for these gigs, leaving out swaths of qual ified applicants. “It’s harder to manage on the production side, because hundreds of productions come and go each year within ILLUSTRATION / JIAQI WANG
each studio,” says Kevin Hamburger, head of production at Warner Horizon Televi sion. Array Crew, which debuted online in February and will be available as a mobile app in June, allows job seekers to create a profile that includes their résumé, location, images, reels, and contact information so that line producers can pull up every can didate near their film set; it also has tools to help managers keep track of the people they hire for each shoot. On its face, there’s a tension in how Array is using technology to solve Holly wood’s inclusivity problem. We now have search engines optimized to find every thing from adoptable pets to dinner (for better or worse), but leaving something as complicated as workplace diversity to machines is far more tricky. Which might be why Array’s fix is purposefully simple. The database’s results are organic; there aren’t algorithms boosting some folks and not others. Someone crewing up a movie can search for certain positions (makeup artist, grip), locations (Los Angeles, New York), names, trade union membership, and experience level, but that’s it. Unlike, say, Google results, Crew’s list of candi dates comes up in the most analog way
possible: alphabetically. Hiring managers can sort by first or last name or those most recently added, but from there it’s up to them to pick a team. Zooming from her Atlanta home, wear ing a sweatshirt from her alma mater, Tuskegee University, Array’s CTO speaks pointedly about the best ways to remove barriers. Tuck has witnessed roadblocks to hiring throughout her career, and from the beginning her team was intentional about spotting and eliminating them. “We have conversations about the smallest things,” she says. Like that search function. Array could have made every field on a user’s profile searchable, but doing so might have left someone out of the results just because they didn’t include a certain keyword. “We realized that could’ve created some type of barrier to entry for people,” Tuck says. That puts an onus on the line producer to look through the list of candidates. But that’s the point—to make them look somewhere they hadn’t been looking. Born and raised in Cincinnati, Tuck started trying to figure out Windows 95 at her uncle’s house when she was about 11 years old. “A few times,” she laughs, “he had to call me and be like, ‘What did you do? I can’t get in.’” She spent time at IBM and worked on missile defense at Lockheed Martin. By the time Tuck got to GitHub in 2020, she was making sure every job she took gave her a say in hiring decisions. “I really do believe in building diverse teams, because we ship better products that way,” Tuck says. “If you just have one demo graphic building a thing, you’re not going to end up with the best solution.”
The list of candidates comes up in the most analog way: alphabetically. There are no algorithms boosting some folks and not others.
When Tuck and I spoke, Array Crew had more than 5,000 verified users. It’s free for workseekers; studios pay an annual fee. “This is an investment. It’s incumbent upon us to make sure this works,” says Jen nifer Lynch, who oversees corporate social responsibility at Paramount Pictures, one of several studios, including Netflix and Disney, that signed on to be a Crew launch partner. “We’re in this for the long haul.” That footslogging is key. Too often diver sity efforts fail when old habits creep back in. Studios must buy in, because for the effort to succeed it’s essential that their employees and partners use the service.
One function Tuck’s team is working on is the ability to provide demographic breakdowns for each production. DuVer nay notes that she doesn’t want Crew to become just a “report card” for whether studios keep their promises, but Tuck sees other benefits: “We have to be able to tell a story of how we impacted the industry.” As we’re wrapping up our Zoom, Tuck’s team jumps on. She opens the conversa tion by asking everyone to name the song they currently have on repeat. (Bill With ers, Big K.R.I.T., and “Baby Shark” are all represented.) Kelsey Kearney, who han dles Array’s relationships with studios,
notes that it’s been a week of questions and requests from partners wanting more from the Crew database, like support and help desk functions. A lot of these wants will be fulfilled by the new mobile app. “I love a deliverable,” she laughs. But there’s something else they want. Hol lywood’s push for diversity goes far beyond LA. Could Crew release an international ver sion? Tuck says it’s at the top of her todo list and promises there’s “more to come on that.” So, yes, she’s on it. No excuses. Senior editor ANGELA WATERCUTTER (@WaterSlicer) covers pop culture for wired .
BY LAUREN GOODE
GEAR
Thought Experiment Facebook wants to improve human-computer interactions— by getting access to a whole new level of personal data. appeared on March 9 in an Andrew Bosworth tweet. Bosworth, the head of Facebook’s augmented- and virtual-reality research labs, had just shared a blog post outlining his group’s vision for the future of human-computer interaction. Then he tweeted a photo of a wearable—something that looks like an iPod Mini mounted on a thick wristband. Facebook already owns our social experience and some of the world’s most popular messaging apps. So anytime the company dips into hardware, whether that’s a VR headset or a video-chat device with a camera that follows you around the room, it inevitably sparks questions about Facebook’s intentions. In this case, the questions are less about the hardware and more about whether the interactions the wearable is designed to enable will only deepen our ties to Facebook. (Answer: probably.) So what is this thing? It’s an electromyography device, which means it translates electrical motor nerve signals into digital commands. To put it plainly, it’s a new way for humans to control computers. When it’s on, you can just flick your fingers in space to manipulate virtual inputs, whether you’re using a VR headset or interacting with the real world. You can also “train” it to sense the intention of your fingers, so that actions happen even when your digits are at rest. The nameless device is just a concept, and Bosworth says the technology could become widely available in five to 10 years. Such technology could do wonders for the AR/VR experience, which can leave the user feeling a distinct lack of agency when it comes to their hands. Slip on a VR headset and your hands disappear. Picking up a pair of controllers lets you play games or THE DEVICE FIRST
grasp virtual objects, but you lose the ability to take notes or draw with precision. Some AR or “mixed-reality” headsets, like Microsoft’s HoloLens, use tiny cameras to track hand gestures. (This works … sometimes.) Facebook’s hope is that its wearable would enable more accurate hand-computer interactions. Bosworth says the company’s vision for the wrist tech extends beyond AR and VR. “If you had access to an interface that allowed you to type or use a mouse— without having to physically type or use a mouse—you could use this all over the place.” He also suggests the microwave as a use case: Why not program the wearable to sense that you want to cook something for 10 minutes on medium? (Bosworth clarifies that Facebook is not building kitchen appliances, but we do hope the company is not spending billions to give us telepathic connections with something as already intuitive as a microwave.) In a virtual demo, a person was shown wearing the wrist device and playing a video game without moving their fingers. These kinds of demos tend to (ahem) gesture toward mind-reading tech, but Bosworth insists it is not that. Here, he says, the wearer’s mind is creating signals identical to those that make the thumb move, without moving the thumb. The device records an intention to move the thumb. “We don’t know what’s happening in the brain,” he says, “until someone sends a signal down the wire.” Bosworth also emphasizes that the wearable is different from the invasive implants used in a 2019 brain-computer interface study that Facebook was involved in or Elon Musk’s Neuralink tech. In other
Courtesy of Sonos; Spark Grills; Evercade
29.06
words, Facebook isn’t reading our minds, even if it already knows a heck of a lot about what’s going on in our heads. Researchers say there’s still a lot of work to be done on EMG-based input devices. Chris Harrison of Carnegie Mellon’s Human-Computer Interaction Lab points out that everyone’s nerves and wrists are different: “There’s always a calibration process that has to happen.” There’s also the risk of visuo-haptic mismatches, where the user’s visual experience—whether in AR, VR, or real space—does not correlate to the haptic response. These points of friction can make interactions feel frustratingly unreal. Even if these obstacles can be overcome, there’s still the question of why Facebook— largely a software company—wants to own this new computing paradigm. And why we should trust it. Facebook has a record of sharing user data in “exchange for other equally or more valuable things,” as wired ’s Fred Vogelstein wrote in 2018. A more recent report in MIT Technology Review described how a team at the company assembled to tackle “responsible AI” was undermined by leadership’s relentless quest for growth. “Sometimes these companies have cash piles large enough to invest in these huge R&D projects, and they’ll take a loss if it means they can be front-runners in the future,” says Michelle Richardson, director of the Data and Privacy Project at the nonprofit Center for Democracy and Technology. But, she notes, it’s difficult to overhaul products once they’re built—which is why it’s important to start conversations about privacy and other implications early in the process. Bosworth says Facebook sees tech like this as fundamental to connecting people. If anything, the past year has shown us the importance of connecting, he says. He also seems to believe he can earn the required trust by not “surprising” customers: “You say what you do, you set expectations, and you deliver on those expectations over time. Trust arrives on foot and leaves on horseback.” Rosecolored AR glasses, activated. Senior writer LAUREN GOODE (@LaurenGoode) covers consumer tech issues and trends for wired . She wrote about why the internet won’t let us forget in issue 29.05. ART / ALYSSA WALKER
MIND GRENADES
WIRED RECOMMENDS
The latest picks from our reviews team.
Sonos Roam Portable Speaker → RATING: 9/1O WIRED Sleek, portable design. Bold sound that doesn’t distort at high volumes. Easy to pair at home and on the go, thanks to Bluetooth and Wi-Fi connectivity. Sonos hardware and apps are user-friendly and streaming-serviceagnostic. IP67 dust- and water-resistance rating (beach time!).
$169 TIRED Expensive for its size (6.6 inches tall). Wireless charging pad not included—$50 extra. The sound is impressive, but don’t expect true audiophile-grade quality. Gray color makes it somewhat hard to find in a dark bag, but that’s just nitpicking. —Parker Hall
Spark One Grill → RATING: 7/1O WIRED Combines great charcoal flavor with the ease of a gas grill. Starts at the turn of a knob. Midcenturymodern-inspired design. Companion app lets you adjust temps via Bluetooth. Bamboo cutting board and work area provide ample space for food prep.
$899 TIRED Proprietary charcoal Briqs are expensive and must be bought directly from Spark. Difficult to add more charcoal mid-cook. Setting up two-zone grilling is awkward. Pricey. —Scott Gilbertson
Evercade Retro Handheld Console → RATING: 8/1O WIRED Comfortable to use. Lots of officially licensed classic game collections from the likes of Atari and Namco to choose from. Save State lets you pick up a game right where you left off. Works as a controller for big-screen gaming. Affordable.
$80 TIRED Not every game is a hit (a few old 8-bit Atari titles are probably best forgotten). No multiplayer modes. Charging adapter not included. Game cartridges are $20 a pop. Battery life won’t knock your socks off. —Simon Hill
For the full reviews of these products and more, visit WIRED .com/gear.
0
2
7
BY MEGHAN O’GIEBLYN
ADVICE
DEAR CLOUD SUPPORT:
Does a Robot Get to Be the Boss of Me?
I’m disturbed by the fact that law enforcement agencies are increasingly using robots for neutralizing threats, surveillance, and hostage situations. Maybe I’ve just seen RoboCop too many times, but I’m wary of machines making crucial, life-or-death decisions—especially given how often actual human officers abuse their authority. Do I have any kind of moral obligation to obey a police robot? —SUSPECT
Dear Suspect, Hollywood has not been particularly optimistic about robots in positions of authority. RoboCop is just one example of the broader sci-fi canon that has burned into our minds the tragic consequences of relinquishing critical tasks to inflexible machines—robots whose prime directives are honored with a literalism that can turn lethal, who can blast a person to death but are confounded by a set of stairs. The message of these films is clear: Rigid automatons are incapable of the improvised solutions and moral nuance that’s so often required in moments of crisis. It may have been this stereotype that led Boston Dynamics, some of whose robots are being incorporated into police departments, to release a video last December of its models dancing to the 1950s Contours hit “Do You Love Me.” Maybe you saw it? The robots included Atlas, an android that resembles a deconstructed storm trooper, and Spot, which served as inspiration for the killer dogbots in the “Metalhead” episode of Black Mirror. Neither machine seems to have been designed to quell fears about a robot takeover, so what better way to endear them to the public than to showcase their agility? And what better test of said agility than a skill considered so uniquely human that we invented a move designed to mock an automaton’s inability to do it (the Robot)? Watching the machines shuffle, shimmy, and twirl, it’s difficult to avoid seeing them as vibrant, embodied creatures, capable of the same flexibilities and sensitivities as ourselves. Never mind that Spot’s joints can slice off your finger or that police robots have
Cloud Support: Spiritual Troubleshooting for the Digital Age For philosophical guidance on encounters with technology, write to cloudsupport@wired .com.
29.06
already been used to exercise deadly force. One way to answer your question, Suspect, without any appeals to moral philosophy, might be in terms of pragmatic consequences. If you have plans, as most of us do, to remain alive and well, then yes, you should absolutely obey a police robot. But I sense that your question is not merely practical. And I agree that it’s important to consider the trade-offs involved in handing policing duties over to machines. The Boston Dynamics video, incidentally, was posted at the tail end of 2020 as a way “to celebrate the start of what we hope will be a happier year.” One week later, insurgents stormed the Capitol, and images proliferated of police officers showing little resistance to the mob— photos that were strikingly juxtaposed, on social media, against the more severe responses to the Black Lives Matter protests last summer. At a moment when many police departments are facing a crisis of authority due to racial violence, the most compelling argument for robotic policing is that machines have no intrinsic capacity for prejudice. To a robot, a person is a person, regardless of skin color, gender, or cause. As the White House noted in a 2016 report on algorithms and civil rights, new technologies have the potential to “help law enforcement make decisions based on factors and variables that empirically correlate with risk, rather than on flawed human instincts and prejudices.” Of course, if current policing technology is any evidence, things are not that simple. Predictive policing algorithms, which are used to identify high-risk persons and neighborhoods, are very much prone to bias, which the roboticist Ayanna Howards has called the “original sin of AI.” Because these systems rely on historical data (past court cases, previous arrests), they end up singling out the same communities that have been unfairly targeted in the first place and reinforcing structural racism. Automated predictions can become selffulfilling, locking certain quadrants into a pattern of overpolicing. (Officers who arrive
MIND GRENADES
at a location that has been flagged as ripe for crime are primed to discover one.) These tools, in other words, do not so much neutralize prejudice as formalize it, baking existing social inequities into systems that unconsciously and mechanically perpetuate them. As professor of digital ethics Kevin Macnish notes, the values of the algorithm’s makers “are frozen into the code, effectively institutionalizing those values.’’ At present, the officers who act on algorithmic recommendations are still human, but it’s easy to envision a not-so-distant future where policing decisions are not only informed but carried out by machines—a day when some Atlas-like robot will show up on a street that a predictive model has identified as high-risk and, with the help of its “fine motor-skills capabilities” and “28 degrees of freedom,” arrest the first likely candidate. Perhaps it’s a sign of the times that such dystopian scenarios are, if still undesirable, beginning to look not categorically worse than our current state of affairs. The actions of Derek Chauvin alone stand as a reminder that humans can be just as coldhearted and unfeeling as a machine. Still, the fact that the officer was human is, in part, what provoked public outrage. We react viscerally to the sight of people abusing their power—far more so than we do to cases of machine malfunction, even when it can be traced back, through the shadowy byways of bureaucracy, to human error. As the criminal justice system automates more and more of its operations, its actions are becoming increasingly opaque, shellacked in a detached objectivity that risks obscuring acts of injustice. As the writer Jackie Wang points out in her book Carceral Capitalism, personification is a necessary component of moral indignation. “‘All police databases are bastards’ makes no sense,” she writes. Neither does “All police robots are bastards,” regardless of how human they appear or how well they can dance. I would add to this that if personification is crucial to cultivating outrage, it’s also necessary for countering it. Among the many remarkable images caught on
0
2
9
film during the George Floyd protests was a video showing members of the National Guard dancing with protesters in Atlanta, only days after the streets had been filled with tear gas. The dance they were doing— the Macarena—was somewhat mechanical, more simple than many of the moves the Boston Dynamics robots are capable of executing. And yet the moment itself demonstrated an agility that is not merely physical but spiritual. It was one of those outflashings of grace that sometimes appear when people let their guard down and improvise, breaking through the rigidity of choreographed social roles and long-standing tensions. One protester, Amisha Harding, told reporters that the dancing opened up a space for dialog with the officers. “In talking to them,” she said, “I realized that so many of them believe in what we’re fighting for as well.” Although the officers could not, being subject to their own prime directives (the oath of duty), publicly express their support for the movement, many revealed to the protesters that their hearts were at odds with the tasks they’d been asked to perform. In the movies, it’s precisely this dissonance that marks a robot’s acquisition of consciousness. The machine that develops a conscience and becomes troubled by the actions it’s been hardwired to carry out has transcended its status as a tool and has become, essentially, human. Perhaps one day our machines will achieve that level of complexity. Until then, moral flexibility—the willingness to change, to break the rules, to abandon beliefs and practices that are no longer serving the public good—is something we alone can enact. I realize, Suspect, that it’s difficult these days to believe that people, let alone systems, are capable of change. But it’s also true that humans maintain more than 28 degrees of freedom, and at least some of those choices might be worth preserving.
Faithfully, Cloud MEGHAN O’GIEBLYN (@megogieblyn)
will publish her book God, Human, Animal, Machine with Doubleday in August. COLLAGE / SAM WHITNEY
BEST MENTHOL.
PERIOD. MADE WITH
100% PLANT BASED
MENTHOL.*
*THESE CIGARETTES DO NOT PRESENT A REDUCED RISK OF HARM COMPARED TO OTHER CIGARETTES.
GRAB A COUPON & GIVE ‘EM A TRY AT
Winston® is a registered trademark of ITG Brands, LLC. ©2021 ITG Brands, LLC
WINSTONCIGARETTES.COM/WIRED
FEATURES
ART / NOTPAULSIMON
WIRED 29.06
0
3
1
AR T B Y
ZAK TEBBAL
T H I S L AW
KE EP S I N TE RN E T CO M PA N I E S F RO M B E I N G H E L D R E S P O N S I B L E F O R W H AT PEOPLE POST AND SHARE. I T H AS VAST CO NS E QU EN CE S F O R CI V I L I Z AT IO N I N T H E D I G I TA L AG E . SO M E P EO P L E WA NT TO G ET RI D O F I T BU T DO N ' T U N D ERSTA N D HOW IT WO RKS . OTH ERS SAY T HAT A LT ERI NG IT WOU L D BRI N G T H E W H O L E I NTERN ET CR ASH I NG DOWN.
HERE'S THE TRUE STORY OF
SECTION 230
OF THE COMMUNICATIONS DECENCY ACT.
BY
GILAD EDELMAN
T HE L IE WA S S OR T O F F U N N Y, UNTIL IT WASN'T. In the weeks after the 2020 election, as Donald Trump’s quest to remain in office met one courtroom defeat after another, his shrinking legal team concocted a baroque conspiracy theory to explain how the presidency had been stolen. At a surreal press conference in late November, Trump’s lawyers, Sidney Powell and Rudy Giuliani—the latter dripping with mysteriously brown-tinged sweat— explained that Dominion Voting Systems was secretly linked to rival voting machine company Smartmatic, both of which, they said, had been created in Venezuela under the direction of Hugo Chávez for the purpose of systematically rigging elections. George Soros and the Clinton Foundation were possibly in on the scheme as well. This performance was met with widespread derision; on Twitter, Trump’s own recently fired election security czar, Christopher Krebs, called it “the most dangerous 1hr 45 minutes of television in American history.” But among millions of Trump supporters, the allegations of electoral fraud caught fire. Newsmax, One America News Network, and Fox broadcast the claims to their cable TV audiences, with Lou Dobbs referring to Smartmatic as “a company that was founded in 2005 in Venezuela for the specific purpose of fixing elections.” In no time the conspiracy theory was racing through the right-wing precincts of social media, where it erupted into bizarre memes and frenzied calls to action. The journey from farce to tragedy reached its nadir 0
on January 6, when a mob of Trump supporters, urged by the outgoing president to “stop the steal,” violently stormed the US Capitol. They say a lie gets halfway around the world while the truth is still tying its shoes. In this case, the lie seemed to have circled the globe, gotten the truth in a headlock, and then plowed it backward across the National Mall. But then something unexpected happened: The truth got a lawyer. In February, Smartmatic filed a defamation lawsuit for more than $2.7 billion against Fox, Giuliani, and Powell. Dominion filed suits of its own seeking more than $1 billion each from Fox News, Giuliani, Powell, and Trump mega-supporter Mike Lindell, the CEO of MyPillow, who had helped spread the vote-fixing claim. Suddenly, with money on the line, the TV networks grew more circumspect. Fox and Newsmax ran awkward disclaimers renouncing their own hosts’ coverage. Fox Business canceled Lou Dobbs Tonight, its highest-rated show, a day after Smartmatic named Dobbs as a defendant. A Newsmax anchor tried to cut off Lindell when the pillow tycoon began veering into Dominion territory during an on-air interview; the host eventually walked off the set in frustration. America is a liar’s paradise. The First Amendment gives wide berth to hucksters, charlatans, and gaslighters under the wise premise that the government generally shouldn’t get to decide what’s true and
what isn’t. But the legal system does impose certain limits on speech. The Smartmatic and Dominion lawsuits showed that there can, in fact, be a significant cost associated with inventing, popularizing, and perhaps profiting off of such a Big Lie. Not for everyone, though. As some commentators noted, one group was conspicuously absent from the cast of defendants accused of amplifying the voting machine myth: social media companies. Unlike traditional publishers and broadcasters, which can be sued for publishing a defamatory claim, neither Facebook nor YouTube nor Parler nor Gab had to fear any legal jeopardy for their role in helping the lie spread. For that, they have one law to thank: Section 230 of the Communications Decency Act. Passed in 1996, Section 230 provides that online platforms—or “interactive computer services,” in the legislative argot of the time—generally can’t be held legally responsible for material posted by users. Among the public, this sweeping indemnification remained a pretty obscure fact of life on the internet for the first two decades of the law’s existence. But in the past few years, amid a general fit of panic over today’s platform giants and their possible incompatibility with civilization, democracy, and human flourishing, Section 230 has fallen under a cloud of scrutiny. Strong
Section 230 is not the bogeyman of Trump’s stump speeches, but neither is it the pixie dust making the internet a magical place for free speech and innovation. 3
5
opinions about it have multiplied—as have threats to repeal it from both sides of the aisle in Washington. Democrats argue that Section 230 lets companies get away with doing too little moderation; Republicans tend to say it lets them get away with too much. Still, there may be just enough bipartisan overlap for reform legislation to emerge from the gauntlet of Congress. So far, there is no consensus on what that reform should look like. The resolution of this tangled debate could have massive consequences for the internet, not only in the US, but in every country where online discourse takes place on platforms that are subject to American law. This reckoning has all the makings of a barbarians-at-the-gate moment for the companies that benefit from Section 230’s protections. But not only for them. Over the years, Section 230 has attracted a small but ardent following of people who view it with the kind of idealistic veneration more often reserved for the First Amendment. According to its admirers, Section 230 is the wellspring from which everything good about the modern internet emerged—a protector of free speech, a boon to innovation, and a cornerstone of the American economy. The oft-quoted title of a book by the lawyer Jeff Kosseff captures this line of thinking well. It refers to the law’s main provision as “the 26 words that created the internet.” Another article of faith among Section 230’s champions? That people who criticize the law have no clue what they’re talking about. Section 230 recently turned 25 years old, and the occasion was celebrated by a virtual event whose sponsors included Twitter, Amazon, and Yelp. Senator Ron Wyden and former congressman Chris Cox, the authors of the statute, fielded questions from the audience, typed into a chat window. The most upvoted question was, “How best can we get folks to properly understand Sec 230? Particularly when it seems that many are either reluctant to realize they don’t understand or, even worse, they don’t want to understand?” Exhibit A for these Section 230 advocates is the moment in May 2020 when Trump started publicly attacking the law, thrusting it into the national shouting match. Trump’s preferred platform, Twitter, had recently had the temerity to fact-check one of his tweets. Trump’s response took a cue from
some other Republican provocateurs, most notably senators Ted Cruz and Josh Hawley, who have popularized a theory that Section 230 gives social media platforms legal cover to discriminate against conservatives. Heading into the November presidential election, hostility toward the law grew into one of Trump’s favorite talking points. “Big Tech, Section 230, right?” he mused to an Ohio crowd in October. “Big Tech is corrupt.” Trump’s opponent was not much friendlier to the statute. In January 2020, then candidate Joe Biden, in response to a general question about the power of tech platforms, blurted out that “Section 230 should be revoked, immediately should be revoked.” The comment seemed to stem from Biden’s lingering anger over a misleading attack ad against him that Facebook had refused to block. Neither man’s beef with the law is terribly coherent. Section 230 shields platforms from legal liability, but there isn’t anything unlawful in the first place about a sharpelbowed attack ad that bends the truth. Ditto for Trump’s complaints: Even if social media platforms did discriminate against conservative viewpoints, it’s perfectly legal to have a partisan bias, as every waking second of American life makes clear. More generally, politicians and pundits often seem to blame Section 230 for whatever they happen to dislike about the internet, whether or not it really applies—or they lash out at the law simply because they know it’s precious to companies they loathe. So, yes, a lot of people who complain about Section 230 don’t know what they’re talking about. And yet the story told by the pro-230 camp contains its share of mythology as well. Section 230 is not the bogeyman of Trump’s stump speeches, but neither is it the pixie dust making the internet a magical place for free speech and innovation. To understand the law, you have to know not just what it says but how it came to be and how it has been interpreted— and sometimes misinterpreted—by judges during its 25-year existence. Once you do that, the picture that emerges is very different from the one painted by either side of the kill-it-or-keep-it debate. In fact, Section 230 may be more like Dumbo’s supposedly magic feather: a talisman the internet has been clutching for dear life for 25 years, terrified of finding out whether online discourse could fly without it.
be held liable if it did moderate its platform? Four years later, a state judge on Long Island answered that question in the affirmative. This time the defendant was Prodigy, another giant online service provider in the early internet era. An anonymous user on Prodigy’s Money Talk bulletin board had posted that the leaders of an investment banking firm called Stratton Oakmont were a bunch of liars and crooks. Stratton Oakmont sued for $200 million, arguing that Prodigy should be treated as a publisher. Unlike CompuServe, Prodigy proudly advertised its ability to screen content to preserve a family-friendly environment. Judge Stuart Ain held that fact against the company. He seized on comments in which Prodigy’s head of communications compared the company’s moderation policies to the editorial decisions made by a newspaper. “Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability than CompuServe and other computer networks that make no such choice,” he wrote in his opinion. The company could be held liable as a publisher. It was just one case, in one New York state trial court, but it put the fear of God into the tech industry. Ain’s logic set up the ultimate perverse incentive: The more a platform tried to protect its users from things like harassment or obscenity, the greater its risk of losing a lawsuit became. This situation, sometimes referred to as the moderator’s dilemma, threatened to turn the growing internet into either an ugly free-for-all or a zone of utter blandness. Do nothing and filth will overrun your platform; do something and you could be sued for anything you didn’t block. To counteract Ain’s decision, a pair of congressmen, Republican Chris Cox and Democrat Ron Wyden, teamed up to find a legislative solution to the moderator’s dilemma. At the time, Congress was working on something called the Communications Decency Act, a censorious law that would criminalize spreading “indecent” material online. Cox and Wyden came up with language that was inserted into the bill, and that became Section 230 of the act. Much of the rest of the decency law would be struck down almost immediately by the Supreme Court on constitutional grounds, but Section 230 survived. For such a consequential statute, Section 230 is unusually concise. There are two key
THE
M O D E R AT O R ’ S D I L E M M A
SECTION 230 IS OFTEN described as a law about free speech—a sort of First Amendment for cyberspace. But it’s really about a much less glamorous area of law: torts. Tort law is how the legal system holds people responsible when they wrong someone else. (Tort is French for “a wrong.”) It is part of the common-law tradition stretching back to medieval England, when judges, weighing in on a single dispute at a time, gradually shaped the law of the land. One area of tort doctrine—defamation—is particularly relevant to Section 230. A defamation case is when you sue someone who told a lie that hurt your reputation. Or, even more relevantly, someone who published that lie. Under the so-called republication rule, if I falsely claim that you committed a crime, and a newspaper prints that claim, you can sue both the newspaper and me. So news organizations have to be very careful about reporting incendiary accusations. (If the accusation concerns a public figure, American publications can be a little less careful. The Supreme Court ruled in the 1960s that public figures can win a defamation suit only if they can prove the lie was made deliberately or recklessly.)
In the early days of the internet, it wasn’t clear how judges would apply the republication rule to online platforms. The first case to test the waters was Cubby v. CompuServe, decided in 1991 in a federal district court. CompuServe was one of the first major US internet service providers, and it hosted a number of news forums. A company called Cubby Inc. complained that someone had posted lies about it on one of those forums. It wanted to hold CompuServe liable under the republication rule, on the theory that hosting a forum was analogous to publishing a newspaper. But the judge disagreed. CompuServe, he observed, didn’t exercise any editorial control over the forum. It was basically a passive host, more like a distributor than a publisher. “CompuServe has no more editorial control over such a publication than does a public library, book store, or newsstand, and it would be no more feasible for CompuServe to examine every publication it carries for potentially defamatory statements than it would be for any other distributor to do so,” he wrote in his opinion. The Cubby decision was a relief to the nascent internet industry. But if CompuServe avoided liability because it didn’t moderate its forums, did that mean a provider would 0
provisions. The second, subsection (c)(2), says, “No provider or user of an interactive computer service shall be held liable on account of any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected.” Translation: Forget the Stratton Oakmont case. A platform can protect its users without putting itself in legal jeopardy. But it’s the first part of the law, subsection (c)(1), that has proven more consequential. Cox and Wyden understood that the potential volume of content on interactive platforms was so immense that internet companies could never exercise the same level of control as traditional media. Treating internet providers as publishers could make them too cautious, stifling the potential of the internet as a medium for free expression. And so Cox and Wyden decided to establish a baseline degree of legal immunity for platforms, regardless of whether they engaged in content moderation. They did this in the famous 26 words: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” One part of Section 230 got rid of the moderator’s dilemma. The other, however, would end up creating dilemmas of its own.
It was the ultimate perverse incentive: The more a platform tried to protect its users from things like harassment or obscenity, the greater its risk of losing a lawsuit became. 3
7
FULL IMMUNITY
ON APRIL 19, 1995, TIMOTHY McVeigh detonated a bomb in front of the Alfred P. Murrah Federal Building in Oklahoma City, killing 168 people in the deadliest single act of domestic terrorism in US history. Six days later, some very strange posts began appearing on an AOL bulletin board, advertising “Naughty Oklahoma T-Shirts” that featured phrases mocking the victims of the bombing. The ads, posted by a user with the handle KEN ZZ03, listed a phone number to call to order the shirts. That phone number belonged to Kenneth Zeran, a Seattle-based TV producer and artist. Zeran did not post the ads and had no idea who had. (To this day, the identity of the poster remains a mystery.) Before long he was inundated with threatening phone calls from people understandably outraged by the tastelessness of T-shirts with slogans like “Visit Oklahoma … It’s a blast!!!” Things got even worse when a radio host encouraged his listeners to call Zeran and give him a piece of their minds. According to Zeran, AOL didn’t do nearly enough to deal with the problem, despite his repeated requests for help. Eventually, he got a lawyer, and in April 1996—two months after the passage of Section 230—he sued AOL in federal court.
Prodigy and CompuServe had taken their turns on the witness stand. Now the last of the old Big Three online service providers would get its moment, and this time the outcome would cement the future of internet law. AOL raised the brand-new statute in its defense, arguing that it couldn’t be held responsible for posts by its users. Zeran’s lawyers countered that their case didn’t actually rely on the republication rule. They sued AOL for negligence, and as a distributor, not a publisher. Once AOL was put on notice, they argued, it had a duty to try to block the posts. Zeran’s case was the first crucial test of how Section 230 would be interpreted by judges. The text said that an interactive computer service couldn’t be treated as the publisher of information provided by someone else. But did that mean it couldn’t be held responsible at all? Or were other forms of liability, like negligent distribution, still on the table? They were not. In an opinion for the Court of Appeals for the Fourth Circuit, Judge J. Harvie Wilkinson III, a prominent conservative, ruled in favor of AOL. Section 230, he noted, was designed for exactly this type
of situation. It might make sense to hold a traditional distributor liable for defamatory material once it’s put on notice, Wilkinson reasoned, but “the sheer number of postings on interactive computer services would create an impossible burden.” The ruling went further than protecting platforms from defamation suits. Section 230, Wilkinson held, “plainly immunizes computer service providers like AOL from liability for information that originates with third parties.” What kind of liability? What kind of information? Any kind, apparently. Wilkinson’s use of the word “immunity,” which isn’t in the statute itself, was key. A legal immunity allows a defendant to swat away a lawsuit with a minimum of time and money— even if every fact the plaintiff alleges is true. Because it was the only case interpreting this brand-new law about this brandnew domain called the internet, Wilkinson’s decision assumed the status of a quasi– Supreme Court precedent. Courts around the country immediately began citing Wilkinson’s “immunity” line to dismiss cases brought against internet companies at the earliest stage of litigation. They often did this grudgingly, essentially concluding that the law forced their hand. “While Congress could have made a different policy choice, it opted not to hold interactive computer services liable,” noted one early decision citing Zeran. Wilkinson’s ruling revealed a paradox at the heart of Section 230. The law was supposed to encourage online service providers to police their platforms without fear. It was, after all, part of a statute called the Communications Decency Act. And yet the first part of the law, the part Wilkinson now interpreted as an immunity, removed a major legal incentive for them to police their platforms at all. With a few exceptions (most notably copyright infringement and child pornography), providers would never be held responsible for material posted by users, no matter how clearly false or harmful. Even if they were put on notice, could easily fix the problem, and simply chose not to. It must have been hard to see at the time how consequential that position would become. Zeran was decided in 1997. Just 2 percent of the world’s population was online. Over the subsequent decades, the internet would spread into more and more aspects of daily life. Section 230 and its peculiar set of incentives would spread with it. 0
B A D S A M A R I TA N S
IF THERE WAS ONE MOMENT when Section 230 started revealing its potential to make things really weird, it was in 2003, in a case called Batzel v. Smith. Ellen Batzel was a successful lawyer. Robert Smith was a handyman she’d hired to do some work on her house. They seem to have had some kind of falling out. In 1999, possibly to get revenge, Smith sent an email to Ton Cremers, the Dutch publisher of a listserv called Museum Security Network, claiming that Batzel’s house was full of art that had been stolen from Jews during World War II. He also wrote that Batzel had bragged about being Heinrich Himmler’s granddaughter. Cremers’ interest was piqued. He forwarded Smith’s email to his listserv audience and posted it on the MSN website. Batzel, understandably, was not amused. The allegations, she said, were a pack of lies. She sued Smith for writing the email, arguing that it had ruined her professional reputation. But she also sued Cremers for publishing it to his audience. At first glance, these facts don’t look like a Section 230 situation. Recall the law’s underlying theory: The scale of the internet prevents online platforms from moderating every word or image uploaded by users. 3
Cremers, however, wasn’t a tech company sitting atop a tsunami of user-generated content. He was a guy who forwarded and published an email. Batzel wasn’t suing him for failing to take something down; she was suing him for choosing to put something up. And yet Cremers’ lawyers raised the statute in his defense. They argued that because the email from Smith was technically “information provided by another information content provider,” Cremers couldn’t be sued for spreading it online. The case went up to the Ninth Circuit Court of Appeals. In 2003 the court sided with Cremers. “Because Cremers did no more than select and make minor alterations to Smith’s e-mail, Cremers cannot be considered the content provider of Smith’s email for purposes of §230,” wrote judge Marsha Berzon, a prominent liberal, for the majority. How did the court come to that decision? Simple. The judges did what US judges often do: They read the statute extremely literally. Section 230, remember, says that “no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” And it defines an “information 8
content provider” as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” Put those pieces together and it does kind of sound like you can’t get in trouble for publishing something someone else emailed you. This outcome, however, seems so far from the law’s original intent that even Section 230 coauthor Chris Cox believes Batzel was wrongly decided. Cox says that Section 230 was never supposed to let people on the internet get away with the exact same behavior that would land them in trouble offline. But if Cremers had done what he did using a bunch of envelopes and stamps, instead of email, he wouldn’t have been able to hide behind the statute. As the torts scholar Benjamin Zipursky has observed, in an article criticizing the logic of Batzel, “Anyone wishing to hurt another person by damaging her or his reputation is free to do so without accountability by finding a defamatory statement that someone else has made and broadcasting it to the world over the Internet.” Nevertheless, the decision in Batzel v. Smith has been cited and followed by courts around the country, perhaps because it seems to follow the straightforward text of Section 230. One particularly galling example involves a website called The Dirty. The Dirty is a gossip site in the style of TMZ— except its subjects are ordinary people, not celebrities. A typical post involves a picture of a woman, often scantily clad, along with her full name and detailed allegations that she’s a cheater, a gold digger, or worse. In 2009, the victim of several such posts, a schoolteacher and Cincinnati Bengals cheerleader, brought a lawsuit against the website’s parent company and founder after posts appeared on The Dirty accusing her of sleeping with the entire football team and spreading sexually transmitted diseases— rumors that she said went viral at the high school where she taught. The case made it all the way to the federal Court of Appeals for the Sixth Circuit, which held in 2014 that Section 230 protected The Dirty because the posts were submitted by users. The logic is a direct descendant of Batzel; indeed, the ruling cited Batzel eight times. As the opinion itself laid out, The Dirty wasn’t a message board or a social network where users could upload whatever they wanted. It received thousands of submissions
place, Armslist.com, found a private seller, and bought a semiautomatic handgun from a guy in a McDonald’s parking lot. The next day, he went to the salon where his wife worked and shot her to death, along with two of her coworkers, before turning the gun on himself. The wife’s daughter sued Armslist for negligence and wrongful death, among other claims. Her lawyers argued that the company had essentially set itself up to facilitate illegal gun sales. It allowed users to filter their searches to show only private sellers, who don’t have to run background checks. And it allowed anyone to buy or sell guns, taking no steps to screen out people barred from owning one. None of that mattered to the Wisconsin Supreme Court. Even if the claims in the lawsuit were true—that is, even if it could be proven that Armslist intentionally facilitated illegal gun sales—Section 230 immunity applied. As long as Armslist didn’t help create posts itself, it was in the clear. That doesn’t mean the company would necessarily have lost the case otherwise, or that it will never have to worry about federal criminal prosecution. But it does mean, at a minimum, that thanks to Section 230, the families of people murdered with guns bought on Armslist can’t even force the site’s owners to defend their business practices in court. The Armslist case is also telling for another reason: It was about commerce, not self-expression. In this respect, it is part of a robust line of Section 230 decisions that invoke the law to protect platforms devoted to business transactions. Free trade, not just free speech. Craigslist has used the law to ward off liability for hosting racially discriminatory housing ads. Companies like StubHub, eBay, Amazon, and Airbnb regularly invoke the statute as a defense against lawsuits and to avoid complying with regulations. They all describe themselves as platforms that host content—ticket offerings, apartment listings, products—created by third parties. These arguments don’t always succeed, but sometimes they do. One court recently ruled that Section 230 protects Amazon from liability for false advertising. Airbnb’s and HomeAway’s efforts to use Section 230 to stop municipalities from regulating them failed in San Francisco, but they worked in Anaheim. “After considering federal communications law, we won’t be enforcing parts of Anaheim’s short-term rental rules,” a city spokesperson said.
each day, and founder Nik Richie or his staff would read them and select 150 to 200 to publish, often with some added commentary. It was, obviously, a publication that relied on outside submissions. And yet, following the literal logic of Batzel, the court held that Section 230 shielded it from liability. Section 230 was supposed to protect websites that wanted to do the right thing. The very heading of the statute reads, “Protection for ‘Good Samaritan’ blocking and screening of offensive material.” (This is an echo of a common concept in tort law. All 50 states have some kind of Good Samaritan law that protects people who help in an emergency from being sued if things go wrong.) But cases like the lawsuit against The Dirty show how easy it is for the statute’s immunity provision to accomplish precisely the opposite result. As the legal scholars Danielle Citron and Ben Wittes put it, Section 230 has become a law that ensconces protections for “bad Samaritans.” At least one company relies so heavily on Section 230 that its website has an entire section dedicated to explaining the law. RipoffReport.com is a repository of horror stories about businesses and individuals, like a Yelp that specializes in onestar reviews. It has a policy of never taking a post down, which it says is to preserve its credibility. But the site also encourages businesses marred by bad reports to pay several thousand dollars for its Corporate Advocacy Program. That fee buys those businesses a new, positive post if they pledge to make things right, which the site promises will appear more prominently in Google results than the original review. Though Ripoff Report disputes the characterization, its business model appears to be: Nice reputation you’ve got there; shame if anything were to happen to it. (A recent investigation by The New York Times found a whole ecosystem of websites whose owners profit by selling “removal” services to the people being maligned on them.) Ripoff Report has been sued repeatedly for defamation. But because it doesn’t create the content of the posts itself, courts have consistently held that Section 230 protects it. The same theory protects the Craigslist of guns. In October 2012, a Wisconsin man who was barred from owning a gun (because his estranged wife had taken out a restraining order on him) found an easy workaround. He went to an online market0
“BETTER THAN THE
FIRST AMENDMENT” YOU MIGHT THINK, GIVEN the facts of some of these Section 230 cases, that the law would have become rather controversial. In fact, within the world of internet lawyers and academics that would usually debate such things, and certainly within the tech industry, Section 230 was for years considered “a kind of sacred cow—an untouchable protection of nearconstitutional status,” writes Danielle Citron, a law professor at the University of Virginia. The Electronic Frontier Foundation, for example, calls Section 230 “the most important law protecting internet speech.” So does Twitter CEO Jack Dorsey. Citron, who won a MacArthur Fellowship in 2019, recalls giving a talk at a 2008 conference in which she proposed amending Section 230. She was just starting her career as an academic, and a well-known older professor approached her afterward. “Danielle, really happy to meet you, but you basically want to jail communists,” she recalls him saying. “Your challenging Section 230 is like stabbing the First Amendment in the heart.” Discussions about Section 230 began to creep beyond the esoteric boundaries of internet-law conferences in late 2017, 4
as Congress debated amending the law to carve out an exception for lawsuits based on sex-trafficking allegations. This was also around the time when Ted Cruz, crusading against the alleged scourge of anticonservative bias in Silicon Valley, started insisting falsely that Section 230 required social media platforms to maintain a “neutral public forum.” The law had entered the zeitgeist, or at least a small corner of it. But as journalists started writing about Section 230, we tended to describe it in the same reverent tones that Citron encountered at the 2008 conference. “Lawmakers Don’t Grasp the Sacred Tech Law They Want to Gut,” read a wired headline in 2018. One man who has had an outsize effect on the way Section 230 is treated in public discussion is Eric Goldman, a professor at Santa Clara University School of Law, where he codirects the High Tech Law Institute. He is also a prolific blogger, keeping seemingly exhaustive tabs on the latest developments in internet law, including rulings involving Section 230. Goldman has been writing about this area for so long that the Stratton Oakmont ruling, which Section 230 was created to overturn, cites a paper he published in 1993 while still in law school. 1
“He’s had extraordinary influence,” says Mary Anne Franks, a law professor at the University of Miami and the president of the Cyber Civil Rights Initiative (where Citron is vice president). “In part because he’s a very smart person and he’s a scholar. It’s one thing when you’ve got people who are quite obviously tech lobbyists or part of the industry—that will only carry you so far. It really does mean something when you convince people in the scholarly community.” Goldman’s impact has been even greater in the media. He has for years been journalists’ go-to source on all things Section 230. He’s a reporter’s dream: encyclopedically knowledgeable, articulate, personable, and easy to get on the phone. But Goldman is not only Section 230’s most up-to-speed observer; he may also be its biggest fan. When reporters call him for an expert quote, they get a very particular perspective—one capably summarized in the title of his 2019 paper, “Why Section 230 Is Better Than the First Amendment.” In Goldman’s view, the rise of platforms featuring user-generated content has been an incredible boon both to free speech and to America’s economic prosperity. The #MeToo movement; the more than $2 trillion combined market cap of Facebook and Alphabet; blogs, customer reviews, online marketplaces: We enjoy all of this thanks to Section 230, Goldman argues, and any reduction in the immunity the law provides could cause the entire fortress to crumble. No domain of user-generated content would be safe. If the law were repealed, he recently told the Committee to Protect Journalists, “comments sections for newspapers would easily go.” Other guardians of 230 sound even more apocalyptic notes when the law comes up for debate. After a group of Democratic senators proposed a bill to limit the law’s protections in early February, Mike Masnick, founder of the venerable policy blog TechDirt, wrote that the changes could force him to shut down not just the comments section but his entire website. Section 230 coauthor Ron Wyden, now a US senator, said the bill would “devastate every part of the open internet.” The stakes for online discourse, these arguments suggest, simply couldn’t be higher. You may be horrified by situations like the Armslist case or The Dirty, or any number of cases we don’t have room to talk
about in which victims of harassment, bullying, and revenge porn have been unable to force internet platforms to take action. But would you be willing to trade everything you love about the online world to try to address those problems by reforming Section 230? These apocalyptic arguments are only powerful, however, if they’re true. So let’s ask the question: What would the world look like if Section 230 had never been passed?
A LT E R N AT E H I S T O RY
ONE THING'S FOR SURE: Today’s social media giants could not exist under the version of libel law applied in the Stratton Oakmont case. That decision, remember, said that a platform assumes the same liability as a publisher if it engages in any moderation whatsoever. But it’s almost unimaginable that one New York trial judge’s ruling, which sparked an immediate backlash, would have become the law of the land. Recall that defamation falls under common law, which is developed by judges over time as they apply precedents to new situations. For torts involving user-generated content, Section 230 aborted that process before it could begin. If the law hadn’t passed, judges in other jurisdictions would have gotten the opportunity to craft more reasonable applications of tort law to the new digital world. 0
In fact, another New York case against Prodigy that was initiated before Section 230 was passed offers an example of what this judicial path might have looked like. In Lunney v. Prodigy Services Co., a father sued Prodigy after someone opened up fake accounts impersonating his teenage son, then used those accounts to post vulgar comments on a bulletin board and send a threatening email in the son’s name. Prodigy had already deactivated the accounts, but the family wanted monetary damages. Midway through the case, Congress passed Section 230, and Prodigy asked for the new law to be applied retroactively. But the Court of Appeals of New York, the state’s highest court, said this was unnecessary. It had no problem applying common law principles to find that Prodigy wasn’t liable. The court ruled that Prodigy was analogous to a tele-
com company: Just as you can’t sue AT&T when someone impersonates you over the phone, the teenager’s parents couldn’t hold Prodigy liable for someone spoofing their son over email. It didn’t rule that a company like Prodigy could never be held liable for something involving user-generated content. But, the court said, “if circumstances could be imagined in which an ISP would be liable for consequences that flow from the opening of false accounts, they do not present themselves here.” The Lunney ruling is like a peek into an alternate timeline in which courts did what courts are expected to do: apply familiar principles of the law to new situations and changing circumstances. This process would not have been perfect; we’ve already seen how judges can screw things up. But in the long run, there’s no reason to think the legal system couldn’t have adapted tort law to the digital world. Companies that perform infrastructurelike functions, like today’s Cloudflare or Amazon Web Services, or that provide neutral communication technology, like email, almost certainly wouldn’t have had to worry about what kind of behavior their clients allowed. As in Lunney, traditional standards of liability and causation would have protected them. (You can’t sue Xerox for selling a copier to someone who sends you a blackmail letter; you can’t sue Comcast for providing Wi-Fi to the hacker who drained your bank account.) Meanwhile, the courts gradually would have developed a more richly textured body of law around the legal responsibilities of the platforms that directly host user-generated content. Maybe, as Lunney suggests, the common law would have developed something similar to the immunity provided by Section 230. But courts also could have come up with rules to take into account the troubling scenarios: bad Samaritan websites that intentionally, rather than passively, host illegal or defamatory content; platforms that refuse to take down libel, threats, or revenge porn, even after being notified. They might have realized that the publisher-distributor binary doesn’t capture social media platforms and might have crafted new standards to fit the new medium. Section 230, with its broad, absolute language, prevented this timeline from unfolding. This hypothetical scenario isn’t even all
that hypothetical. The United States is the only country with a Section 230, but it’s not the only country with both a common law tradition and the internet. Canada, for example, has nothing analogous to Section 230. Its libel law, meanwhile, is more proplaintiff, because it doesn’t have the strong protections of the First Amendment. Despite all that, user-generated content is alive and well north of the border. News sites have comments sections; ecommerce sites display user reviews. Neutral providers of hosting or cloud storage are not hauled into court for selling their services to bad guys. Yes, websites with user-generated content do have to be more careful. Jeff Elgie, the founder of Village Media, a network of local news sites in Canada, told me that the possibility of getting sued was one thing the company had to take into account when building its comments system, which combines AI with human moderation. But it’s hardly the extinction-level threat that Section 230 diehards warn about. (Elgie said that, overall, only around 5 to 10 percent of comments get blocked on Village Media sites, and only a small subset of those are for legal reasons.) It is simply not true that “the internet” relies on Section 230 for its continued existence. In response to this observation, staunch supporters of Section 230 generally pivot. They concede that other countries have blogs and comments sections but point out that these countries haven’t produced user-generated content juggernauts like Facebook and YouTube. (Set aside China, which has a totally different legal system, a closed internet, and private companies that are more obedient to the state.) Section 230 might not be responsible for the internet’s literal existence, they say, but it is necessary for the internet as we know it. There are a few ways to respond to this. One is that it’s hard to prove Section 230 is the reason for the success of American social media giants. The internet was invented in the US, which gave its tech sector an enormous head start. America’s biggest tech successes include corporate titans whose core businesses don’t depend on user-generated content: Microsoft, Apple, Amazon. Tesla didn’t become the world’s most valuable car company because of Section 230. Another response is that even if Facebook does owe its wild success to Section 230, perhaps that’s not a reason to pop champagne. The reason we’re talking
about reforming tech laws in the first place is that “the internet as we know it” often seems optimized less for users than for the shareholders of the largest corporations. Section 230’s defenders may be right that without it, Facebook and Google would not be the world-devouring behemoths they are today. If the law had developed slowly, if they faced potential liability for user behavior, the impossibility of careful moderation at scale might have kept them from growing as quickly as they did and spreading as far. What would we have gotten in their place? Perhaps smaller, more differentiated platforms, an ecosystem in which more conversations took place within intentional communities rather than in a public square full of billions of people, many of them behaving like lunatics.
It’s too late to scrap Section 230 completely. The question is how to change the law to address its worst side effects without placing internet companies under impossible legal burdens.
“REASONABLE STEPS” AS I SAID, THAT' S AN alternate timeline. From the vantage point of 2021, it’s probably too late to ditch Section 230 and let the courts figure it all out from scratch. Only Congress can scrape away the decades of judicial interpretations that have attached like barnacles to the original legislation. The question is how to change the law to address its worst side effects without placing internet companies under impossible legal burdens. There are a number of ideas on the table, ranging in concreteness from op-eds to white papers to proposed, sometimes 4
even bipartisan, legislation. And they vary according to what problem the authors are most interested in solving. The most sweeping piece of legislation introduced to date, a bill called the Safe Tech Act, reads like a point-by-point rebuttal to some of the most controversial judicial applications of Section 230. It would remove protections from specific categories of civil claims, including wrongful death (like in the Armslist case), cyberstalking and harassment (as in an infamous New York stalking case involving the gay dating app Grindr), and civil rights law violations (as 3
when Craigslist was sued unsuccessfully for hosting discriminatory housing ads). The bill, proposed by Democratic senators Mark Warner, Mazie Hirono, and Amy Klobuchar, also swaps the word “speech” in for “information,” to try to refocus the law’s protection on self-expression rather than commercial transactions. When I asked Warner if all the carve-outs are a roundabout way to limit Section 230 immunity to defamation cases, he laughed and said, “Let the record reflect that Senator Warner made no comment in response.” (This proposed bill, incidentally, is the one that Wyden said would “devastate every part of the open internet.”) Another school of thought holds that the solution is to apply Section 230’s protections only to hands-off conduits for communication—things like newsletter distribution services and blogging platforms, or nonprofit-owned sites like Wikipedia or the Internet Archive that provide a neutral architecture for users to develop content. Once a platform starts to curate, amplify, or monetize user-generated content, however, some form of liability would kick in. One of the more aggressive suggestions along these lines comes from the American Economic Liberties Project, an antimonopoly think tank. In a statement to the Federal Communications Commission, the organization has proposed limiting Section 230’s protections to companies that make their money by literally “selling access to the internet or a computer server.”
If the big platforms had to worry about defamation suits, they would finally have a strong incentive to act on some of the most extreme cases of disinformation before they become national scandals. 0
“Airbnb is a travel company. Google is an advertising company,” says Matt Stoller, the organization’s director of research. “You should be regulated not based on whether you have a website but based on how you make money. If you make your money on travel, you should be regulated like a travel company. If you make your money from advertising, you should be regulated like a publisher.” This proposal would pull mega-platforms like Facebook and Google out from under Section 230’s shield almost entirely, on the theory that companies that profit by selling ads against user content should have to bear the full cost of policing that content, or else change their business model. This change, the report argues, “would also help restore a level playing field for publishers, who are legally responsible for the content they publish.” A more modest approach would be to grant immunity only to those companies that can show they’re not abusing it. Danielle Citron has proposed amending Section 230 to make its protections from liability conditional on whether a platform “takes reasonable steps to address unlawful uses of its service that clearly create serious harm to others.” This would elegantly solve the bad Samaritan problem: A site that actively encourages people to humiliate women with revenge porn, smear enemies, or make illegal business transactions would not be able to satisfy the test. Citron’s proposal would also open a window for the common law to step back in, striking a middle ground between full repeal and the automatic immunity companies currently enjoy. To qualify for safe harbor, a defendant would have to convince a judge that it has a reasonable approach to dealing with a given category of harm—even if it has screwed up in a particular instance. (That’s important, because as Section 230’s supporters rightly point out, no system of online content moderation at scale will ever be perfect.) Each defendant, each category of harm, would be judged on its own terms. “A reasonable approach to sexual-privacy invasions would be different from a reasonable approach to spam or fraud,” Citron and Franks have written. “A blog with a few postings a day and a handful of commenters is in a different position than a social network with millions of postings a day.” Instead of
Congress trying to enumerate every situation in which Section 230 should and shouldn’t apply, judges would have flexibility to develop different standards for different contexts—including technologies and harms that don’t even exist yet. The dominant platforms, like Facebook, Twitter, and YouTube, already have relatively robust policies and procedures for dealing with some types of illegal material. But a “reasonable steps” requirement would finally force them to take seriously some categories of harm that they currently get a free pass on, most notably defamation. Under the law now, platforms have no incentive to do anything about defamatory posts—and so they generally don’t. Facebook’s voluminous, searchable community standards never mention the words defamation or libel. Twitter’s do, but only to absolve itself of liability. (YouTube at least has a mechanism for reporting defamatory videos, to its credit.) This poses a particularly acute problem if the defamer is anonymous and can’t be tracked down: The victim can’t hold anyone responsible. If Section 230 were revised to impose a standard of care, these companies would have to build in some kind of process to deal with defamatory posts or else risk being sued themselves. Now, a reality check: This would not magically fix social media. Fake news, bigotry, and your cousin Steve’s idiotic Facebook memes will generally continue to be protected by the First Amendment, as they should be. And the big platforms deserve credit for making some progress on content moderation after years of withering criticism. If they had to worry about defamation suits, however, they would finally have a strong incentive to act on at least the most extreme cases of disinformation before they become national scandals. A lot of the wildest conspiracy theories that infect American politics are straightforwardly defamatory. QAnon posts have accused specific individuals of killing and abusing children, for example. The Stop the Steal movement that ultimately led to violence at the US Capitol on January 6 was, you’ll recall, built on specific lies about Dominion and Smartmatic, ones that have landed a few cable networks in court. But because of Section 230, these individuals and companies can’t sue Facebook, Twitter, or YouTube for allowing, and perhaps helping, the bullshit to spread. 4
5
CHANGE IS GOOD
REFORMING SECTION 230 faces all the familiar obstacles to getting anything done in Congress: partisanship, bureaucratic inertia, and, of course, ferocious lobbying from an industry that is quite happy with the status quo, thank you very much. The biggest barrier, however, may be the philosophical resistance to change— any change—among Section 230’s intellectual and legal defenders, a group that cuts across party lines and can’t be written off as industry shills. You might think, for example, that something like Citron’s proposed “reasonableness” standard would be widely seen as a commonsense, compromise reform. In fact, even this suggestion draws fierce opposition. Eric Goldman, the influential law professor, told me it would be tantamount to repealing the entire law. “A key part of 230’s secret sauce comes in its procedural advantages,” he said. Today, the law doesn’t just help companies defeat lawsuits; it helps them win fast, at the earliest possible step, without having to rack up legal bills on discovery, depositions, and pretrial filings. Forcing defendants to prove that they meet some
standard of care would make litigation more complicated. The company would have to submit and gather evidence. That would require more attention and, most importantly, money. Perhaps the biggest companies could handle this, Goldman said, but the burden would crush smaller upstarts. Tweaking Section 230 this way, in other words, would actually benefit monopolies while stifling competition and innovation. Faced with a deluge of defamation lawsuits, the large platforms would err on the side of caution and become horribly censorious. Smaller platforms or would-be challengers would meanwhile be obliterated by expensive legal assaults. As Ron Wyden, Section 230’s coauthor, puts it, Citron’s proposal, though “thoughtful,” would “inevitably benefit Facebook, Google and Amazon, which have the size and legal muscle to ride out any lawsuits.” The thing about this argument is that a version of it gets trotted out to oppose absolutely any form of proposed corporate regulation. It was made against the post-recession Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which the conservative Heritage 0
Foundation declares “did far more to protect billionaires and entrenched incumbent firms than it did to protect the little guy.” Federal food safety rules, fuel economy standards, campaign spending limits: Pick a regulation and a free-market advocate can explain why it kills competition and protects the already powerful. In fact, a lot of the most passionate pro230 discourse makes more sense when you recognize it as a species of garden-variety libertarianism—a worldview that, to caricature it only slightly, sees any government regulation as a presumptive assault on both economic efficiency and individual freedom, which in this account are pretty much the same thing to begin with. That spirit animated Section 230 when it was written, and it animates defenses of the law today. So you have Cathy Gellis, a lawyer who blogs ardently for TechDirt in support of Section 230’s immunity, filing an amicus brief in the Armslist case insisting that a post listing a gun for sale is speech that must be protected. And Goldman in The Wall Street Journal last year arguing that Amazon should not be held liable for dangerous products sold by vendors on its platform. It should “probably” try harder to protect customers, he wrote, but “any steps the company takes should be voluntary.” In this version of laissez-faire capitalism, the best regulation is self-regulation. But today, that idea no longer receives as much automatic deference as it did in the ’90s. It is, in fact, the precise idea the techlash is lashing against. Government intervention can and does go wrong, of course. Big corporations do indeed try to hijack the legislative process and capture regulators. In March, for example, Mark Zuckerberg publicly declared his support for reforming Section 230—with a set of proposed changes that, while vague, seem designed to allow Facebook to leave its existing policies more or less untouched. So no, it’s not surprising that an $800 billion company facing potential new regulations would try to turn them to its advantage. But to acknowledge that fact is not to make an argument for inaction. If anything, it suggests that the danger lies in doing too little, not too much. Because for all the hypothetical little guys who might get harmed according to some economic
theory, there are plenty of real, known little guys who are being abused by the status quo. That includes not just individuals like Kenneth Zeran and Ellen Batzel but whole segments of society. Discrimination in housing and job ads denies opportunities to Black people. Cyberstalking and harassment disproportionately drive women and members of other vulnerable groups off of social media. This is why supporters of the Safe Tech Act include organizations like the NAACP Legal Defense and Educational Fund, Muslim Advocates, Color of Change, and the National Hispanic Media Coalition. OK, but what about the economic little guy? Here, too, the case for doom and gloom is thin. The George Mason economist Alex Tabarrok, himself a prominent libertarian, has found, to his surprise, that federal regulation cannot be blamed for reduced startup growth or job creation. One reason could be that while regulations and liability rules impose costs on some parts of the economy, they also open opportunities and spur innovation elsewhere. Magic happens when money’s on the line. There is already a small market for third-party moderation software: In Ireland, a startup called CaliberAI, founded by a father-son pair of former journalists, has developed an AI system for flagging potentially defamatory comments. (The posts apparently tend to have certain linguistic hallmarks.) In the US, companies like Sentropy and Sendbird offer moderation tools for site administrators. If Section 230 were rolled back, you can bet that venture capital would rush into that sector. That would, in turn, help social media startups scale up without having to invent their own systems for dealing with illegal user content from scratch. Sid Suri, Sendbird’s head of marketing, predicts that companies like his would shift engineers to spend more time on moderation products—because that’s where more of the money would be. “An ecosystem will always develop around the need,” he says. Imagine: companies getting rich by making the internet less toxic. It’s important to keep in mind that, even without Section 230’s blanket immunity, companies would not be forced to go to trial every time someone gets Mad On the Internet. It’s already incredibly difficult to sue corporations in America. It’s
really hard to win a defamation action. Companies have many ways to toss out weak cases besides Section 230. Remember the Stratton Oakmont case? The one where Prodigy was being sued for $200 million for hosting a message that called an investment firm’s leaders a bunch of liars and crooks? In the end, Prodigy never paid Stratton Oakmont a cent. After losing the preliminary ruling, Prodigy announced that it would raise a truth defense. (It ain’t defamation if it’s true.) A few months later, Stratton Oakmont agreed to drop the case in exchange for an apology. In hindsight, this is anything but shocking: Stratton Oakmont is the company featured in The Wolf of Wall Street. Its founders, Jordan Belfort and Daniel Porush, were sent to prison in 1999 for securities fraud and money laundering. They really were liars and crooks. Sometimes companies make money by doing bad things. Other times, companies merely allow bad things to happen, because it’s cheaper than preventing them. Either way, the basic premise of tort law is that when someone is responsible for a bad thing, they should have to pay, or at least make it stop. You can think of this as a form of justice: forcing wrongdoers to make their victims whole. Or you can think of it as a form of deterrence, in which the point is to prevent bad behavior. But civil liability, especially corporate liability, can also be understood in economic terms: a question of who should have to pay the costs that certain activities impose on everyone else. The reality of Section 230 is that it has allowed digital platforms to externalize some of the costs of their business models. Other industries generally don’t get to do this. Chemical companies can be sued if they poison the local water supply. Retailers can be sued for putting defective items on their shelves. Working to prevent these outcomes costs corporations money. But it doesn’t stop them from making Teflon pans or stocking Tostitos. Once the creation myths and apocalyptic talk are set aside, it’s clear that the online world needn’t be so completely different—and that an intelligent reform of Section 230 won’t stop digital platforms from creating the internet.
Imagine: Companies could get rich by making the internet less toxic.
GILAD EDELMAN (@GiladEdelman) covers tech and politics for
4
wired .
7
0
4
8
Secret codes. Private investigators. Betrayal. How one couple built a device to fix the notoriously broken ice cream machines at McDonald’s— and how the fast-food giant froze them out. by Andy Greenberg
Photographs: GABRIELA HASBUN
Lettering: LEANDRO ASSIS
Of all the mysteries and injustices of the McDonald’s ice cream machine, the one that Jeremy O’Sullivan insists you understand first is its secret passcode. .
Press the cone icon on the screen of the Taylor C602 digital ice cream machine, he explains, then tap the buttons that show a snowflake and a milkshake to set the digits on the screen to 5, then 2, then 3, then 1. After that precise series of no fewer than 16 button presses, a menu magically unlocks. Only with this cheat code can you access the machine’s vital signs: everything from the viscosity setting for its milk and sugar ingredients to the temperature of the glycol flowing through its heating element to the meanings of its many sphinxlike error messages. “No one at McDonald’s or Taylor will explain why there’s a secret, undisclosed menu,” O’Sullivan wrote in one of the first, cryptic text messages I received from him earlier this year. As O’Sullivan says, this menu isn’t documented in any owner’s manual for the Taylor digital ice cream machines that are standard equipment in more than 13,000 McDonald’s restaurants across the US and tens of thousands more worldwide. And this opaque user-unfriendliness is far from the only problem with the machines, which have gained a reputation for being absurdly fickle and fragile. Thanks to a multitude of questionable engineering decisions, they’re so often out of order in McDonald’s restaurants around the world that they’ve become a full-blown social media meme. (Take a moment now to search Twitter for “broken McDonald’s ice cream machine” and witness thousands of voices crying out in despair.) But after years of studying this complex machine and its many ways of failing, O’Sullivan remains most outraged at this notion: that the food-equipment giant Taylor sells the McFlurry-squirting devices to McDonald’s restaurant owners for about $18,000 each, and yet it keeps the machines’ inner workings secret from them. What’s more, Taylor maintains a network of approved distributors that charge franchisees thousands of dollars a year for pricey maintenance contracts, with technicians on call to come and tap that secret passcode into the devices sitting on their counters. The secret menu reveals a business model that goes beyond a right-to-repair issue, O’Sullivan argues. It represents, as he describes it, nothing short of a milkshake shakedown: Sell franchisees a complicated and fragile machine. Prevent them from figuring out why it constantly breaks. Take a cut of the distributors’ 0
5
0
profit from the repairs. “It’s a huge money maker to have a customer that’s purposefully, intentionally blind and unable to make very fundamental changes to their own equipment,” O’Sullivan says. And McDonald’s presides over all of it, he says, insisting on loyalty to its longtime supplier. (Resist the McDonald’s monarchy on decisions like equipment and the corporation can end a restaurant’s lease on the literal ground beneath it, which McDonald’s owns under its franchise agreement.) So two years ago, after their own strange and painful travails with Taylor’s devices, 34-year-old O’Sullivan and his partner, 33-yearold Melissa Nelson, began selling a gadget about the size of a small paperback book, which they call Kytch. Install it inside your Taylor ice cream machine and connect it to your Wi-Fi, and it essentially hacks your hostile dairy extrusion appliance and offers access to its forbidden secrets. Kytch acts as a surveillance bug inside the machine, intercepting and eavesdropping on communications between its components and sending them to a far friendlier user interface than the one Taylor intended. The device not only displays all of the machine’s hidden internal data but logs it over time and even suggests troubleshooting solutions, all via the web or an app. The result, once McDonald’s and Taylor became aware of Kytch’s early success, has been a two-year-long cold war—one that is now turning hot. Kytch’s creators believe that Taylor even hired private detectives to obtain their devices. Taylor recently unveiled its own competing internet-connected monitoring product. And McDonald’s has gone so far as to send emails to its franchisees, warning them that Kytch devices breach a Taylor machine’s “confidential information” and can even cause “serious human injury.” Having endured the efforts of McDonald’s and Taylor to decimate their business over the five months since those emails, O’Sullivan and his cofounder are now on the counterattack. The Kytch couple tells wired they’re planning to file a lawsuit against some McDonald’s franchisees who they believe are colluding with Taylor by handing over their Kytch devices to the ice cream machine giant and allowing them to be reverse-engineered—a violation of the franchisees’ agreement with Kytch. (Taylor denies obtaining Kytch
Taylor’s notoriously fragile ice cream machines are used by most of the 13,000-plus McDonald’s restaurants in the US.
devices but doesn’t deny trying to gain possession of one or that a Taylor distributor did ultimately access it.) The lawsuit will likely be only the first salvo from Kytch in a mounting, messy legal battle against both Taylor and McDonald’s. But in his initial messages to me, O’Sullivan mentioned none of the details of this escalating conflict. Instead, with Hamburglar-like slyness, he dared me to pull on a loose thread that he suggested could unravel a vast conspiracy. “I think you could blow this story open by just asking a simple, very reasonable question,” O’Sullivan’s first text messages concluded: “What’s the real purpose of this hidden menu?”
The standard Taylor digital ice cream machine in a McDonald’s kitchen is “like an Italian sports car,” as a franchisee who uses the Twitter nom de guerre McD Truth described it to me. When the hundreds of highly engineered components in Taylor’s C602 are working in concert, the machine’s performance is a smooth display of efficiency and power. Like other ice cream machines, it takes in liquid ingredients through a hopper and then freezes them in a spinning barrel, pulling tiny sheets of the frozen mixture off the surface of the barrel’s cold metal with scraper blades, mixing it repeatedly to create the smallest possible ice crystals, and then pushing it through a nozzle into an awaiting cup or cone. But what makes the machine special is that it has two hoppers and two barrels, each working independently with precise settings, to produce Just as O’Sullivan and Nelson’s ice-cream-machine-hacking gadget both milkshakes and soft serve simultanebegan to gain customers, McDonald’s warned its franchisees that Kytch breached the machines’ “confidential information.” ously. It uses a pump, rather than gravity like many other machines, to accelerate the flow of McFlurries and fudge sundaes. McD Truth describes selling 10 ice cream cones a minute during peak sales periods, an impossible feat with other machines. And while other ice cream machines have to be disassembled much better designed. But given that its replacement parts can take a and cleaned daily—and any leftover contents discarded—the week to arrive from Italy, far fewer restaurants buy it.) Every two weeks, all of Taylor’s precisely engineered compoTaylor machines at McDonald’s use a daily “heat treatment” process designed to jack up their contents’ temperature to 151 degrees nents have to be disassembled and sanitized. Some pieces have to Fahrenheit, pasteurize them for a minimum of 30 minutes, and then be carefully lubricated. The machine’s parts include no fewer than refreeze them again in a once-a-night cycle, a modern marvel of two dozen rubber and plastic O-rings of different sizes. Leave a single one out and the pump can fail or liquid ingredients can leak hygiene and cost savings. In keeping with McD Truth’s Italian sports car analogy, these out of the machine. The tech manager for one McDonald’s franchimachines are also temperamental, fragile, and overengineered. “They see told me he has reassembled Taylor’s ice cream machines more work great as long as everything is 100 percent perfect,” McD Truth than a hundred times, and had them work on the first try at most 10 writes. “If something isn’t 100 percent, it will cause the machine to of those times. “They’re very, very, very finicky,” he says. The machine’s automated nightly pasteurization process, rather fail.” (McDonald’s franchisees are also allowed to use an actual Italian machine, sold by Bologna-based Carpigiani, that McD Truth says is than making life easier for restaurant managers, has become their 0
5
2
biggest albatross: Leave the machine with a bit too much or too little ingredient mixture in its hoppers, accidentally turn it off or unplug it at the wrong moment, or fall victim to myriad other trivial errors or acts of God, and the four-hour pasteurization process fails and offers a generic, inscrutable error message—meaning that the machine won’t work until the entire four hours of heating and freezing repeats, often in the middle of peak ice cream sales hours. The result can be hundreds of dollars in sales immediately lost. (Especially, O’Sullivan explains, during “shamrock season,” when McDonald’s offers a St. Patrick’s Day–themed mint-green milkshake that boosts shake sales as much as 10-fold. “Shamrock season is a big fucking deal,” O’Sullivan emphasizes.) Taylor sells a machine with these technical demands to businesses
where they might ultimately be run by a bored teenager whose fast-food career is measured in weeks. So perhaps it’s no surprise that many McDonald’s restaurants’ ice cream machines seem to be as often broken as not. The website McBroken.com, which uses a bot to automatically attempt to place an online order for ice cream at every McDonald’s in America every 20 to 30 minutes and measure the results, reveals that at any given time over the past three months, somewhere between 5 and 16 percent of all US McDonald’s stores are unable to sell ice cream. On a typical bad day as I reported this piece, that included one out of five McDonald’s stores in Los Angeles, Washington, DC, and Philadelphia, one out of four in San Francisco, and three out of 10 in New York City. Plenty of companies have fought against their own customers’ right-to-repair movements, from John Deere’s efforts to prevent farmers from accessing their own tractors’ software to Apple’s efforts to limit who can fix an iPhone. But few of those companies’ products need to be repaired quite so often as McDonald’s ice cream machines. When wired reached out to McDonald’s for this story, the company didn’t even attempt to defend the machines’ shambolic performance. “We understand it’s frustrating for customers when they come to McDonald’s for a frozen treat and our shake machines are down—and we’re committed to doing better,” a spokesperson wrote. On social media, meanwhile, the McDonald’s ice cream meme has come to represent everything disappointing about modern technology, capitalism, and the human condition. In 2017, when three women in Florida attacked a McDonald’s employee after learning the ice cream machine was down, many people on Twitter sided with the attackers. McDonald’s itself tweeted from its official account last August: “We have a joke about our soft serve machine but we’re worried it won’t work,” a selfown that received nearly 29,000 likes. On a recent evening in March, I attempted to tally the number of people joking on Twitter that they were going to spend their $1,400 Covid stimulus payment to fix their local McDonald’s ice cream machine. I lost count at 200.
A decade ago, however, the ice cream headaches at McDonald’s hadn’t yet become the subject of social media notoriety. In 2011, when O’Sullivan and Nelson first decided to gamble their careers on the frozen confection business, they had to learn about the quirks of the soft-serve industry the hard way. The two met at Bucknell University and started dating in the late 2000s, then went off to careers in accounting—Nelson at Deloitte,
O’Sullivan at Ernst & Young—which they both found deeply dull. After a few years, they began brainstorming business plans of their own and zeroed in on the frozen yogurt craze that was dotting the country with Pinkberry and Red Mango outlets. Here was a business that was essentially constructed around a bunch of ice cream machines—largely Taylor ice cream machines, ones without the pasteurization step that would kill the yogurt culture—and yet froyo vendors were paying for hundreds of square feet of real estate and human employees, by far their biggest monthly expenses. The froyo industry seemed ripe for disruptive automation. So Nelson and O’Sullivan, then based in the Washington, DC, area, began to develop what they called the Frobot: a bulky enclosure built like a closet around a Taylor frozen yogurt machine, with its own TV-sized touchscreen interface and credit card reader. In other words, they set out to condense the frozen yogurt store into a single autonomous appliance. They hoped to install their Frobot in public spaces, turn it on, and let it extrude revenue. (Toppings remained an unsolved problem. But they’re the lowest-margin part of the business anyway, O’Sullivan confides.) It took them three years to build their first Frobot prototype with a Taylor machine bought from Craigslist. After an initial, uneventful trial run at a West Virginia medical school cafeteria, Nelson and O’Sullivan set up the Frobot in a Washington, DC, coworking space, and the towering cabinet proved a moderate success. The couple took the leap, quit their jobs, and moved to San Francisco to work on their startup full-time, putting a next-gen Frobot prototype in an events space next to the Palace of Fine Arts, where they say it began generating as much as $500 in sales a day. But now that Frobot was out in the world, its inventors had a problem: They wanted their machine to be fully autonomous, to convert tangy dairy ingredients into money with minimal human intervention. Regulations set by the National Sanitation Foundation required them to periodically monitor the temperature of the product to make sure their machine wasn’t selling putrid refrozen yogurt. That temperature data was locked up in the Taylor machine inside Frobot, where they couldn’t access it. They were intrigued, however, to see that the technician they called out to service their machine could summon up exactly the figures they needed—by entering the 5-2-3-1 secret code that appeared nowhere in their owner’s manual. Around the same time, O’Sullivan reached out to a contact at the Shenzhen-based Hax hardware accelerator, who invited the startup to come work on Frobot at the Hax workshop. They’d receive both
“It was a real aha moment,” Nelson says. “Why are these features that are so important hidden behind this menu that most people don’t know about?”
O’Sullivan and Nelson’s first product was Frobot, a fully automated froyo dispenser built around a Taylor ice cream machine. But the Taylor machine was so prone to breakdowns that they gave up and focused on a device to fix its flaws.
a $100,000 investment and the consultation of Hax’s advisers, including Andrew “bunnie” Huang, the legendary hardware guru who first hacked the Xbox 20 years ago. O’Sullivan and Nelson saw that offer of technical expertise as their chance to get over their temperature-monitoring hurdle: Could Huang and his fellow hackers help them pull out the machine’s data and send it in real time to a remote interface? O’Sullivan and one of Frobot’s contract engineers moved to Shenzhen in late 2016. They got to work in Hax’s warehouse space, above one of the city’s famous electronics markets, trying to reverse-engineer Taylor’s ice cream machines to understand and intercept their internal communications. Huang remembers O’Sullivan being more business-minded than technical, but he was impressed with the clarity of the Frobot-filled future he imagined. “It was pretty clear from the beginning they had a vision,” Huang says. Huang also remembers pointing out to O’Sullivan that the Taylor machine they were using to build their Frobot was, like a lot of food industry appliances, technology that hadn’t fundamentally changed in 50 years. “It hasn’t benefited from Moore’s law, hasn’t even bene-
fited from web 2.0,” Huang recalls telling them. “It’s a product everyone eats, and the machine that makes it is just in the dark ages.” O’Sullivan and his engineer nonetheless forged ahead, and by the end of their time in China, four months later, they’d built the device that would become Kytch—a hack to bring their Frobots in line with US sanitation requirements. O’Sullivan and Nelson did all of this, they’re careful to note, with Taylor’s knowledge and, in some cases, enthusiastic participation. A top Taylor exec had attended their prototype launch party in Washington, DC. Later, the company offered them 10 of its ice cream machines on consignment to work on and adapt. The company even shipped an ice cream machine to Shenzhen for them. After all, Frobot didn’t represent a competitor to Taylor so much as a promising new source of sales. At one point while in Shenzhen, O’Sullivan wrote to an executive at Taylor to ask for advice about a technical question they were stuck on. The executive wrote back that “if you want to tap into the controls or sniff data packets it will need to be without the assistance of Taylor at this time due to our current security policies.” 0
5
5
That response may not have been entirely friendly. But O’Sullivan read it to mean: We won’t help you hack our machines, but we know what you’re doing, and we’re not asking you to stop. In other words, as he puts it, “carte blanche.”
In 2017, Frobots began to catch on. Tesla installed two in a factory cafeteria. Levi’s Stadium, home of the San Francisco 49ers, installed another six, and the football team’s owners invested in Nelson and O’Sullivan’s company. Taylor, meanwhile, remained amicable enough toward Frobot that it invited Nelson and O’Sullivan to present it at Taylor’s booths at food industry trade shows. At those trade shows, just as their Frobots were getting their first field tests, Nelson and O’Sullivan say they began to hear whispers from Taylor customers that echoed bunnie Huang’s warning about Taylor’s engineering: The machine inside of Frobot, despite its industry dominance, was simply very hard to keep running. In their eight Frobots across the San Francisco Bay Area, they began to see the same mysterious failures and error messages that plagued those Taylor customers. They’d find that their Taylor machines were throwing up error messages saying the froyo mix was too cold. Or too hot. Or too viscous. Soon they found themselves constantly driving out to Levi’s Stadium to help befuddled staff troubleshoot and rebuild the Taylor machines inside their Frobots. As their problems continued, they went so far as to mount Nest security cams in the Frobot cabinets to capture video of what might be going wrong inside. On one occasion, they watched as the ingredient mixture inside a Frobot at the Tesla factory bubbled up and out of the Taylor machine, catastrophically hemorrhaging liquid yogurt into the surrounding cabinet. Seven hours later, they saw a Tesla food-service worker casually open the cabinet, leave the sticky mess untouched, and quietly replace a missing plastic paddle component he’d forgotten when cleaning the machine. Their business, it soon became clear, was the very opposite of automation: No one at Levi’s Stadium or Tesla seemed capable of setting up or maintaining a Frobot without the constant hands-on help of Frobot’s founders. And the problem was the Taylor machine at Frobot’s core. “Holy shit,” O’Sullivan recalls realizing. “These machines just suck.” It began to dawn on O’Sullivan and Nelson that they would need to pivot. And they had already unwittingly built the prototype for a
different product, one that offered a solution to the very problem killing their current business. For about the next year , they honed the little computer component in the Frobot that eavesdropped on the Taylor ice cream machines’ data. They built features that allowed visibility into and control of the machine’s variables (including some that automatically bypassed the 5-2-3-1 code to access its service menu), a software interface for diagnosing and troubleshooting the machine’s many hiccups, and a sleek case for the Raspberry Pi minicomputer that powered it. In the spring of 2019, they relaunched their company, this time as Kytch. (In a sign of the grandeur of their ambitions, they chose a name that suggested the idea of an entire connected kitchen, leaving open the possibility of products that went well beyond Taylor’s ice cream machines.) When Kytch launched in April of that year, Nelson drove around the Bay Area looking for any restaurant that used a Taylor machine, pitching them on LinkedIn, and offering a six-month free trial before a $10-a-month subscription kicked in. After finding a few initial customers at Burger Kings and Super Duper Burgers, they finally began to tap into their real target market, the people who represented the biggest single collection of Taylor machine owners and who used the most complex, most often borked digital version of Taylor’s product: McDonald’s franchisees. In the fall of 2019, as they began to penetrate the baroque inner workings of the McDonald’s world, O’Sullivan and Nelson were stunned to learn that most restaurant owners had never accessed or even heard of the service menu that unlocked variables like the temperature of the machine’s hoppers or the glycol used for its ultra-fussy pasteurization process. “It was a real aha moment,” Nelson says. “Why are these features that are so important hidden behind this menu that most people don’t know about?” Meanwhile, many McDonald’s owners were paying thousands of dollars a month to Taylor distributors in service fees, often for making simple changes locked behind that menu. So they added a feature to Kytch called Kytch Assist that could automatically detect some of the machine’s common pitfalls as they happened, and tweak those hidden variables to prevent some of the mishaps before they occurred. One franchisee, who asked that wired not identify him for fear of retribution from McDonald’s, told me that the ice cream machine at one of his restaurants had been down practically every week due to a mysterious failure during its pasteurization cycle. He’d scrutinized the assembly of the machine again and again, to no avail.
McDonald’s owners were paying thousands of dollars a month to Taylor distributors in service fees, often for making simple changes locked behind that menu.
0
5
6
As word of mouth spread through McDonald’s franchisees, Kytch’s sales began to double every quarter. O’Sullivan and Nelson hired a salesperson as their third full-time employee. By the fall of 2020, more than 500 of their devices had infiltrated the innards of Taylor’s ice cream machines around the world, and based on their trial subscriptions they projected 500 more by the end of the year. But the ice cream empire they were taking on was about to strike back.
Kytch’s device, built around a Raspberry Pi minicomputer, is designed to be installed inside a Taylor ice cream machine.
Installing Kytch revealed almost instantly that an overeager employee was putting too much mix in one of the machine’s hoppers. Today the franchisee wakes up every morning at 5:30, picks up his phone, and confirms that all his machines have passed their treacherous heat treatment. Another franchisee’s technician told me that, despite Kytch nearly doubling its prices over the past two years and adding a $250 activation fee, it still saves the franchisee “easily thousands of dollars a month.” McD Truth confides that Kytch still rarely manages to prevent ice cream machines from breaking. But without Kytch, restaurants’ harried staff don’t even notify owners nine out of 10 times when the ice cream machine is down. Now, at the very least, owners get an email alert with a diagnosis of the problem. “That is the luxury,” McD Truth writes. “Kytch is a very good device.”
Within two days of Kytch’s late April 2019 launch, O’Sullivan and Nelson noticed that an executive they knew at Taylor had placed an order for a device. So they wrote to their Taylor contact, politely asking what Taylor’s stance was on their product and what the company intended to do with it. When they got no response, they canceled the order and refunded Taylor’s money. A couple of months later, they saw another strange order, this time from someone at Taylor’s outside law firm, Brinks Gilson. Recognizing the firm’s name, they canceled that sale too. Over the next months, the suspicious buying attempts continued. While most franchisees would order Kytch sent to their restaurant, these supposed customers were asking for them to be sent to home addresses. Checking those addresses against public records, Nelson and O’Sullivan matched one with someone listed on LinkedIn as an employee of Marksmen, an investigation firm specializing in intellectual property cases. They came to suspect that Taylor had hired private investigators, who were using fake names to try to get their hands on the device that was hacking their machines. Around the same time, Taylor sent Nelson and O’Sullivan a cease-and-desist letter telling them to stop using Taylor’s branding in their displays at food industry trade shows. The days of their Frobot friendship had officially ended. But as Kytch hit its stride over the months that followed, the strange orders stopped and there were no more signs of animosity from Taylor. In February 2020, the partners were excited to see an email from Tyler Gamble, head of the equipment team for the National Supply Leadership Council, a flagship group of McDonald’s franchisees. Gamble was hearing “lots of buzz” around Kytch, his email read, and he wanted to look into using it in his own 10 restaurants. On a phone call, O’Sullivan remembers Gamble being friendly and interested in Kytch, but also warning them about the device’s ability to bypass Taylor’s secret menu code, which he described as a risky move that might incur Taylor’s wrath. Nelson and O’Sullivan were nonetheless tantalized by the possibility that Gamble could use his enormous sway with other franchisees to promote their product. They gave him four Kytch devices to test. That October, at the annual conference of the National Owners Association, the biggest trade group of McDonald’s franchisees, Gamble gave a speech pledging to fix the audience’s ice cream woes. “On the shake machine, I want to assure you guys that I will not feel
All these components of a Taylor ice cream machine have to be disassembled, cleaned, and lubricated every two weeks. A single one out of place can cause failure. The machines are “very, very, very finicky,” one McDonald’s franchisee’s tech manager says.
my tenure as your equipment lead has been a success unless we find a way to ensure that McDonald’s is no longer the butt of the joke,” he said, with an earnest smile. “We won’t stop until we get this right.” Then he gave Kytch a free, minute-long infomercial. “I’ve had the opportunity to have their devices in my restaurants over the last several months,” Gamble told the crowd. “This is not a McDonald’sapproved piece of equipment, and the suppliers are not yet fully on board with it,” Gamble continued. “But it’s my job to bring you feedback on equipment and best thinking as it relates to the industry, and I really think that this device can reduce complexity in your restaurants, make the lives of your teams easier, and help drive cash flow.” O’Sullivan and Nelson, watching the speech on a webcast from their sales booth at the conference, were elated. They hardly registered the “not McDonald’s-approved” and “suppliers not on board” parts of Gamble’s comments. It seemed they were about to sell a Kytch to practically every McDonald’s in America. Then, on November 2, the ax fell. Kytch’s shocked salesperson forwarded Nelson and O’Sullivan an email that McDonald’s had apparently sent to every franchisee. It warned first that installing Kytch voided Taylor machines’ warranties—a familiar threat from corporations fighting right-to-repair battles with their customers and repairers. Then it went on to state that Kytch “allows complete access to all of the equipment’s controller and confidential data” (data belonging to Taylor and McDonald’s, not the restaurant owner), that it “creates a potential very serious safety risk for the crew or technician attempting to clean or repair the machine,” and that it could cause “serious human injury.” The email included a final warning in boldface italics: “McDonald’s strongly recommends that you
remove the Kytch device from all machines and discontinue use.” The very next day, McDonald’s sent another note to franchisees announcing a new machine called Taylor Shake Sundae Connectivity that would essentially duplicate many of Kytch’s features. The note ended with a repeat of its boldfaced warning not to use Kytch. As McDonald’s restaurant owners canceled hundreds of subscriptions, trials, and commitments to install Kytch over the next months, the startup’s sales projections evaporated. Finding new customers became impossible. Their sole, flabbergasted salesperson quit. When wired reached out to McDonald’s and Taylor, both companies reiterated the warning that Kytch presents dangers to employees and technicians. “The operation and maintenance of the specialized equipment developed by Taylor and used to produce soft-serve and shake products can be complicated,” reads a statement from a Taylor spokesperson. “The checks and balances embedded in the controls of our equipment are meant to protect the operator and service technician when they interact with the machine.” As for Taylor’s Kytch-like internet-connected machine, the company states flatly that “Taylor has not imitated Kytch’s device and would have no desire to do so.” It argues that the connected device has been in the works for years, along with a different connected kitchen device called Open Kitchen, sold by another subsidiary of Taylor’s parent company, Middleby. None of the franchisees who spoke to wired had ever even heard of the Open Kitchen device. Nor had they seen a Taylor Shake Sundae Connectivity machine in the wild. McDonald’s says that only a few dozen restaurants have been testing the new models since October. All the franchisees agreed, too, that the notion that Kytch could
cause harm to humans was far-fetched, if not impossible: Kytch’s commands don’t generally affect moving parts, and Taylor’s own manual tells anyone servicing or disassembling the device to unplug it before working on it. McD Truth argues that those Kytch-killing emails stem from Taylor’s goal of building its own Kytch-like system and the long-standing relationship McDonald’s has with Taylor—which, after all, makes not only its ice cream machines but also the grills used to cook its mainstay burger products. McDonald’s may have also been spooked by Kytch’s ability to collect proprietary data on ice cream sales, McD Truth speculates. Another franchisee called the slapdown “suspicious” and “very heavy-handed.” In more than 25 years of owning McDonald’s restaurants, he told me, “I’ve never seen anything like this.”
In the aftermath of the bomb that McDonald’s and Taylor dropped on their startup, Nelson and O’Sullivan came to believe that somehow the two companies must have gotten their hands on a Kytch device—at least to test it, if not to copy it. But Kytch had required its customers to sign a contract that forbade them from sharing their devices. Who had handed it over? Nelson and O’Sullivan began sleuthing. Tyler Gamble, they recalled, had told them six months earlier that one of his Taylor machines equipped with a Kytch device had suffered a broken compressor. When they saw Gamble at the National Owners Association conference, he’d mentioned that the machine was still in the shop—which struck them as strange. Compressors don’t take six months to fix. After their business cratered, O’Sullivan and Nelson began looking up the logins on Kytch’s website and saw that one of the user profiles associated with Gamble’s machine in the shop had been deleted a couple of months after the fateful McDonald’s email in November. That deleted user was named Matt Wilson. Was Wilson one of Gamble’s employees? They began to check his locations based on the IP addresses of the networks where he’d logged in, and found IPs from Arkansas, Tennessee, and Louisiana. When they placed those points on a map, none of them appeared at Tyler Gamble’s restaurants. All the pinpoints were instead on top of facilities owned by TFG—a Taylor ice cream machine distributor. Nelson and O’Sullivan had been on friendly terms with TFG executives back in their Frobot days. So they began digging through their old contacts there. They found a business card for Blaine Martin, one of TFG’s owners, which he had given them with a handshake at a trade show. To their shock, his cell phone number had been used to create the “Matt Wilson” Kytch account. A Taylor distributor, it seemed, had obtained their device. And, contrary to the broken compressor story, they came to suspect it had been handed over by none other than friendly Tyler Gamble. Even as Gamble was praising Kytch on the conference stage in October, Nelson and O’Sullivan now allege, he had also been helping Taylor as it engineered their company’s downfall—the coldest betrayal of all.
planning is based on their claims that Gamble and likely other Kytch users violated their contracts with Kytch when they allegedly let Taylor analyze their devices, in an effort to curry favor with McDonald’s and its corporate allies. But Kytch’s cofounders make no secret that their legal threats don’t end with those defendants. They say they intend to pursue their case as far as it leads, all the way up the McDonald’s food chain. “We’re very confident that we’ll learn everything we need to know in discovery,” O’Sullivan says forebodingly, “to hold every guilty party fully accountable.” Taylor counters that it “does not possess, and has never possessed, a Kytch device” and “has no knowledge of anyone logging onto a Kytch device.” But it notes that “our Tennessee distributor reported to Taylor that its servicer removed a Kytch device from a customer location in order to service our product.” Taylor distributor TFG didn’t respond to repeated requests for comment, and Tyler Gamble didn’t answer wired ’s questions. But in an emailed response he described himself as “Kytch’s biggest advocate” and argued that he had supported the startup both publicly and privately. “Weird they would sue someone that has been in their corner and is a paying customer,” Gamble wrote, “but the facts will come out.” Regardless of how the legal conflict unfolds, Kytch’s old technical adviser and investor bunnie Huang argues that the efforts by McDonald’s and Taylor to crush this tiny startup represent a form of validation. “When big guys come along and start thumping their chests around you, that’s sort of a recognition that you’re a threat to the alpha male,” says Huang, whose Hax accelerator still owns a small investment in the company. “It shows there was a demand for Kytch and it had an opportunity to disrupt things. But when that happens, if the big guys can’t keep up or they want to take the idea, then sometimes it’s easier for them to just sort of bury the body.” As for Nelson and O’Sullivan, they have no illusions that their legal efforts will ultimately protect Kytch from the efforts by McDonald’s and Taylor to destroy it. In one of our final conversations, O’Sullivan admitted that he saw this very article as perhaps a postmortem on his company after it had been successfully murdered by the fast-food superpowers. “You’re kind of writing our obituary,” O’Sullivan told me. At times, he seemed to acknowledge the admittedly low stakes of Kytch’s story, the cutthroat battles his tiny startup has fought and continues to fight over such a trivial thing as a fast-food ice cream cone. “We want the world to know this because it’s such a ... I mean, this is about ice cream!” O’Sullivan said at one point with exasperation. But at other moments, he described Kytch’s story as a kind of David and Goliath right-to-repair struggle, or even in grander terms: a valiant effort to fix a very noncritical but ubiquitous piece of the world’s infrastructure. An effort that had been defeated not by the flaws of that machine but by the people controlling it—some of whom would rather it remain broken. “There’s the ice cream machine,” O’Sullivan says darkly, “and then there’s the machine behind the machine.” They haven’t found the secret code to crack that one yet. ANDY GREENBERG covers security, privacy, and information free-
Revenge, Nelson and O’Sullivan now hope, is a dish best served— well, through a long and elaborate legal process. The lawsuit they’re
dom. He’s the author of Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers. 0
5
9
NO ONE C O U L D D E N Y T H AT
TIMOTHY WA S S I C K .
He was a sweet-natured 10-year-old one day and a disturbed, obsessive stranger the next. But when doctors can’t agree on the cause of an illness,
BY
SEEMA YASMIN PHOTOGRAPHS BY JENNA GARRETT
0
6
0
what happens to the patient?
Timothy was 10 years old when his personality changed overnight. A concussion during a family ski trip in December 2016 left him unsteady on his feet, but that was just the first sign something was wrong. The strawberry-blond boy who played on the chess team and looked forward to Mandarin lessons became withdrawn, obsessive, and suicidal. Back home in Marin County, California, he said “bad men” had surrounded his family’s house and were trying to get him. Timothy’s parents, Rita and John, took him out of school while doctors tried to decipher what was going on inside his head. (The family members’ names have been changed to protect their privacy.) Rita suggested that her son take up knitting to fill the time. Once he started, he couldn’t stop. Compulsive thoughts haunted him, and he refused to wear many of his clothes, fearing they were contaminated. 0
6
2
The boy’s doctors were stumped. Concussions can cause mood changes, but not like this. They ran test after test, searching for a diagnosis. When Timothy’s parents wrestled him into the car to take him to various clinics—for brain scans, blood draws, immunological workups—he told them he wanted to jump out onto the highway. “You’re not my mom,” he yelled at Rita. In March, he started leaving the house and running barefoot through the surrounding fields. His parents placed a go bag near each door with bottles of water and a walkie-talkie. When Timothy ran, his father would slip on sneakers, grab a bag, and run alongside him until he tired. Eventually, the couple hired a military veteran to keep an eye on their son day and night. The tests kept coming back normal. Neurologists referred him to psychiatrists. Psychiatrists referred him back to neurologists. Pediatricians recommended therapists. Therapists suggested psychologists. In late March, with Timothy in a deepening depression, his parents and uncle made a plan: They would rent a car with no back doors, sedate him with Benadryl, and drive him overnight to the child psychiatric unit at UCLA. Timothy stayed there for more than three weeks. The doctors prescribed Lexapro, an antidepressant, and steadily upped the dose. But the boy only became more agitated. It was as if an alien had crept into his body and stolen the real Timothy, Rita recalls. His intrusive thoughts suggested a diagnosis of obsessive-compulsive
disorder; his mood changes pointed to a depressive disorder. Rita says one psychiatrist told her, “To be honest, he doesn’t really fit any category we have.” While Timothy was undergoing treatment at UCLA, Rita spoke with a mom in the San Francisco Bay Area who worked with a support group for athletes who suffer concussion and brain injury. She told Rita that when a child’s concussion symptoms don’t go away, it’s sometimes because there is an underlying infection that disrupts the brain. Rita searched online and found a diagnosis that seemed to describe the full range of her son’s symptoms: pediatric acute-onset neuropsychiatric syndrome, or PANS. One possible trigger of the disease, she read, is infection with Streptococcus, the bacteria that cause strep throat. Rita thought back to the winter. She couldn’t remember Timothy coming down with a sore throat, but just before the ski trip she had noticed that the skin around his anus looked a little red. She had put it down to irritation. But strep, she read, can cause rashes like that. She asked a neurologist at UCLA whether PANS might be making her son sick. The reply shocked her. “That’s a made-up disease,” she recalls the doctor saying. According to Rita, the UCLA team wanted to keep Timothy in the hospital and continue giving him antidepressants. She and John had watched their son become less and less like the boy they knew. They made a plan to get him home. A couple of days after returning to Marin, the family met with a chiropractor in San Francisco who specialized in the treatment of neurological disorders. Chiropractors are not medical doctors, but by this point Rita and John were ready to speak with any professional who might be able to help. Rita mentioned the rash, and the chiropractor seemed to confirm her research: Timothy, he said, had a subset of PANS called pediatric autoimmune neuropsychiatric disorder associated with streptococcal infections, or PANDAS. If the bacteria were still there, circulating in the boy’s bloodstream, the first step toward alleviating his symptoms was to knock them out. The chiropractor arranged for a doctor he worked with to write a prescription for azithromycin, an antibiotic used to treat strep. Rita had her doubts. She’d told other doctors about the skin irritation; why hadn’t any of them diagnosed Timothy with PANDAS? But the risks to her son were low, and she figured they might as well try. Two days later, the boy was starting to become himself again. The bad men had disappeared. He wanted to go out for pizza and read his favorite sci-fi books. For the first time in almost five months, Rita and John recognized their son. The relief was immense, but it was tinged with uncertainty: If this disease was “made up,” why was Timothy getting better? Would the improvement in his condition last? And the biggest question, the one that would dog the family well into Timothy’s ado-
lescence: When doctors disagree on the cause of an illness, where does that leave the patient?
U
p until the 1980s, psychiatry in the United States was still a quasi-Freudian undertaking. If a child developed tics or obsessivecompulsive disorder, the thinking went, it must be because her parents were emotionally frigid or had punished her during toilet training. (Mothers were also blamed for a number of other conditions, including autism.) So when a pediatrician named Susan Swedo joined the National Institute of Mental Health in 1986, she was delighted to be part of a new vanguard. Her mentor there, Judith Rapoport, was challenging the prevailing theories and seeking a medical explanation for OCD. A few old papers in the literature had piqued Rapoport’s interest. They concerned a childhood illness that causes tics in the face, hands, and feet. Patients jerk their limbs in a strange and uncontrollable dance; their tongues flicker; their fingers seem to hammer the keys of an invisible piano. Thomas Sydenham, the 17thcentury English physician who first described the condition, called it Saint Vitus’ dance, after the dancing manias that emerged in continental Europe during the Black Death, when large groups of people, sometimes thousands at a time, would cavort in the streets until they collapsed from exhaustion. He attributed the cause to “some humor falling on the nerves.” Not until the 1930s did scientists discover that children suffering Saint Vitus’ dance, now known as Sydenham’s chorea, had something else in common: Their blood contained antibodies for Streptococcus. Left untreated, the pathogen can cause acute rheumatic fever, a serious autoimmune disease of the heart, joints, and skin. Sydenham’s chorea, it turned out, is the neurological manifestation of acute rheumatic fever. Scientists have yet to work out exactly how one progresses to the other, but the theory goes something like this: Pathogens and antibodies in the bloodstream generally have a tough time getting past the tight-knit barrier of cells and blood vessels that protect the brain. But some Streptococcus seem to carry a secret key. They are believed to secrete toxins that open up the blood-brain barrier, allowing antibodies in. The antibodies try to grab hold of the distinctive sugar-protein clumps on the exterior of the bacteria—but, in a stroke of evolutionary bad luck, some brain cells wear similar clumps. Unable to differentiate friend from foe, the antibodies attack both. The worst damage occurs in the basal ganglia, the part of the brain that controls habits and movement. Rapoport had found that children with OCD showed increased activity in the basal ganglia. And when she looked at the case reports of patients with Sydenham’s
“ ”
We’ve been studying the disease for eight years, and we never promise a cure.
chorea, she discovered that many had developed compulsive thoughts and obsessive behaviors weeks before their tics began. Was it possible that this autoimmune disease, an illness of the body, was triggering illness in the brain? If you could cure one, would the other disappear? Over the next few years, Swedo and her colleagues treated a number of children with Sydenham’s chorea and OCD. Most had already tried the standard neuropsychiatric medications, but the drugs didn’t seem to work. The next step was to see whether the standard autoimmune treatments had any effect. Some of the kids received intravenous immunoglobulin, which can help reboot the immune system with a mixture of antibodies from healthy donors. Some underwent plasmapheresis, a process in which all of the patient’s blood plasma is run through a filter. They seemed to improve. Around this time, the first case of what would come to be known as PANDAS was referred to Swedo’s lab. The patient, an 8-year-old boy, had begun flailing his arms seemingly at random, and he had trouble speaking. His doctor suspected Sydenham’s chorea, but Swedo and her colleagues ruled it out. To them, his symptoms looked like OCD. The flailing wasn’t a physical tic; it was a mental compulsion. The boy was trying to fling bad germs away. He hoarded pieces of paper in a brown bag and refused to swallow his saliva because he feared it was contaminated. Swedo has credited the boy’s mother, a medical technologist, for drawing the crucial connection.
She told Swedo that her other son—the patient’s elder brother—had Tourette’s syndrome. She’d noticed that his tics were worse when he had a sore throat, so she’d started taking swabs and culturing them in her lab. Sure enough, they sprouted colonies of Streptococcus. The same was true of the younger brother; his strep infections and OCD symptoms waxed and waned in tandem. This raised a new possibility: You might not need a fullblown infection to trigger mental illness. Something as minor as a sore throat could be enough. By 1996, Swedo and her colleagues were feeling confident enough of the strep-tic link to give the condition a name: PANDAS. Then, in 1998, they published a paper in The American Journal of Psychiatry laying out the diagnostic criteria, with the goal of developing “treatment and prevention strategies.” They spent the following year working on those strategies, publishing case studies on various therapies—immunoglobulin, plasmapheresis, and prophylactic doses of antibiotics to reduce the severity of strep-triggered neuropsychiatric symptoms. (Swedo, who retired from the NIMH in 2019, is still active in PANDAS work. She did not respond to numerous interview requests.) Some of Swedo’s fellow researchers were skeptical. Stanford Shulman, an expert on Streptococcus who edited the journal Pediatric Annals for 14 years, called the evidence for PANDAS “tenuous at best.” More than two decades later, he finds the data even less convincing. For one thing, he notes, strep infection is extremely common in children, accounting for as many as a third of all sore throats—but you don’t see droves of kids with abnormal behavior crowding emergency departments and psychiatric clinics in late winter and early spring. What’s more, strep antibody levels can remain high for months after the infection is gone. “That creates a huge background noise,” Shulman says. “If a child develops PANDAS symptoms and by reflex some doctor draws anti-strep antibodies, they’ll say, ‘Oh look, there’s elevated titers!’” As Shulman and others see it, that doesn’t constitute enough evidence to prescribe the child antibiotics, much less intensive immunological treatments. “If a child has psychiatric symptoms, that child needs psychiatric care,” he says. Conventional psychiatric drugs and talk therapy are backed up by decades of robust scientific evidence. This is not true, he notes, of the typical PANDAS therapies. The long-term use of antibiotics especially worries him, because it could contribute to the problem of drug-resistant bacteria. This is still the mainstream position: The most recent edition of the Red Book, an exhaustive guide to childhood infectious diseases published every three years by the American Academy of Pediatrics, goes out of its way to recommend that children with PANS and PANDAS symptoms not be given an extended course of antibiotics.
JENNIFER FRANKOVICH, A PEDIATRIC RHEUMATOLOGIST, STARTED OUT AS A PANS SKEPTIC.
In 2010, after more than a decade of controversy, Swedo convened a group of colleagues to revisit the PANDAS diagnostic criteria. Physicians, patients, and their families had been “left confused” by the scientific shouting match, they later wrote in the journal Pediatrics & Therapeutics. Sick kids weren’t getting treated; researchers were having a tough time designing and funding rigorous studies. The group’s solution was to scrap the taboo letters in the PANDAS acronym, the ones standing in for “autoimmune” and “associated with streptococcal infections.” Rather than naming the condition for its supposed cause, they’d name it for its presentation in patients. The clearest and most common characteristic was rapid onset: A kid could be himself one day and a stranger the next. That became the centerpiece of the new name, PANS, or pediatric acute-onset neuro0
6
5
psychiatric syndrome. The diagnosis was meant to be broad, allowing for a range of possible triggers—infection with strep or another microbe, environmental factors, metabolic disorders. PANDAS, in other words, wasn’t going away; it was just becoming a subset of the larger syndrome. Swedo and her colleagues included a handful of children’s drawings in their paper, made before, during, and after the kids got sick. One triptych is especially moving, a course of illness in miniature. The “before” image shows a dark-haired woman in a teal cocktail dress, her cat-eye makeup meticulously rendered. The “during” image, drawn in the midst of a flare-up, feels addled by comparison. There are no colors or recognizable figures, just squiggles and disembodied eyes. The “after” image shows a girl in a red-striped shirt and sunglasses. She’s standing beside the Eiffel Tower, smiling. 0
6
6
MARGO THIENEMANN, A CHILD AND ADOLESCENT PSYCHIATRIST, COUNSELS PANS PATIENTS AND THEIR PARENTS ON HOW TO NAVIGATE THE MEDICAL SYSTEM.
A
bout a week after his visit to the chiropractor in San Francisco, Timothy was sitting in a clinic at Stanford’s Lucile Packard Children’s Hospital telling a trio of boardcertified doctors about his hellish ordeal. His life had been turned upside down, he said, but a few days of antibiotics had made him feel himself again. By this point, he told me, he thought of physicians as “clueless.” He’d have won a gold medal in the “100-meter ditch-your-doctor dash,” he said. He had been poked and prodded, his brain scanned, his mind trawled. The medical establishment had belittled his parents, and he felt he had been misdiagnosed and mistreated. So he expected these doctors might dismiss him, too. Instead, the head of the clinic, a rheumatologist named Jennifer Frankovich, promised that her team would help. (Although Frankovich and I are both employed by Stanford, our work has never intersected.) Alongside Frankovich were Margo Thienemann, a child and adolescent psychiatrist, and Theresa Willett, a pediatrician with a PhD in immunology. The three doctors weren’t shocked by Timothy’s spiral into despair, the sudden psychiatric symptoms and the personality change. They weren’t surprised that psychiatric medicines made him feel worse and that antibiotics made him feel better, or that a multitude of doctors had not been able to offer a single, conclusive diagnosis. This was classic PANS, they said. The doctors started Timothy on a new course of antibiotics. (Frankovich says she’s always reluctant to prescribe them, though some kids end up needing antibiotics for years.) They also gave him antiinflammatories and intravenous steroids. Rita felt hope for the first time that year. Frankovich had started out as a PANS and PANDAS skeptic. As a resident in Stanford’s pediatrics training program in the early 2000s, she’d given a presentation on an article that questioned the link between OCD, tics, and strep. She fell in line with the mainstream thinking, which attributed the disorders to faulty wiring in the brain. Then, in 2010, she met a 13-year-old girl who suffered from the autoimmune disorder lupus. The girl had endured years of treatment with steroids and other harsh medications, including an immune-suppressing drug called CellCept. The side effects had been horrible: Her cheeks ballooned and her belly became distended. Finally, though, she had gone into remission. But when Frankovich began to taper the dose of CellCept, the girl became depressed; she found it hard to read, remember, and think. Frankovich upped the CellCept and started intravenous steroids again. “Right in front of my eyes, all those mental illness symptoms melted away,” she says. The same thing happened with a 10-year-old boy who had an inflammatory disease of the spine. Overnight, he had developed OCD and tics. Frankovich called his pediatrician and mentioned
Swedo’s research. The pair treated the boy with steroids. His symptoms melted away. To Frankovich, this suggested a sobering possibility: Thousands of sick kids around the country were being treated with psychiatric medications while the underlying cause of their illness—inflammation—went unnoticed. Frankovich cobbled together an informal clinic with two psychiatrists. Starting in 2012, the trio worked overtime, tagging hours onto their already packed schedules. They borrowed clinic space and a clinical coordinator from the rheumatology department and called themselves the Neuro-Psychiatric-Immunology Clinic, a non-catchy mouthful of a name chosen deliberately to avoid attention. They didn’t want controversy, and they certainly didn’t want to put the names of contested illnesses in their clinic’s title. The hypotheses they were testing placed them at the margins of their disciplines and at odds with mainstream medicine. Frankovich shared her research and patients’ stories at small medical meetings around the country, in hopes that more doctors might consider treating PANS and PANDAS. But as she spoke, some of her peers would stand up and walk out of the room. Others approached her afterward. “What are you doing, Jenny?” she recalls one saying. “Why are you pushing this nonsense?” asked another. Word travels fast through the world of pediatric rheumatologists. At the time, there were fewer
“ ”
Doctors are used to knowing the answer. They want to be the ones to figure everything out.
than 300 such doctors in the United States. Frankovich felt like an outcast. In 2014, a story about one of Frankovich’s patients made the pages of a local newspaper. Other doctors had diagnosed the little girl with bipolar disorder, but the Stanford team treated her for PANS, and she’d made a dramatic recovery. The article, Frankovich says, marked “a very low point in my career and life.” It brought on a renewed wave of criticism, which was bad enough. Even worse, Frankovich says, it gave hope to vastly more patients and families than she and her colleagues would ever be able to treat. “We got absolutely crushed with phone calls and emails and people just showing up,” she recalls. “It was a nightmare.” But the article was also a turning point: Frankovich soon got an offer of support from the hospital’s chief operational officer. She requested a clinic room and a half-time coordinator. As the calls and emails kept coming, Frankovich’s team would sift through thousands of medical records, looking for patients with the clearest-cut cases of PANS. She estimates they were able to treat one in 10 patients who applied, if that. They met families who had sold their cars and refinanced their homes to pay for their children’s medical care. Many said, like Rita, that Frankovich’s clinic was the first place they felt hope.
D
octors have been proving other doctors wrong for millennia. Established credo has been overturned many times, only to be replaced with new information and new beliefs about science and medicine. In the 19th century, perhaps one in five British men who were admitted to a mental hospital suffered what was then called general paresis of the insane, a crippling condition that ended in delusions of grandeur, paralysis, and death. As the poet Kelley Swain writes in The Lancet, the Victorians considered it “a disease of dissolution and disrepute,” more moral than biological. We have a different name for the disease now, neurosyphilis, and a treatment, penicillin. But in the decades it took for medical science to cross that threshold, people were left to suffer in shame without proper treatment. Many PANS patients and their families feel stuck on the wrong side of the threshold. “The system is not there for them in the same way it is for other illnesses,” Frankovich says. She points out that a child undergoing treatment for a brain tumor gets access to a specialized ward and a team of medical professionals and social workers. “But when a kid comes in with a mental health deterioration and their brain MRI is normal,” she says, the support network “walks away from them.” The families become so desperate for treatment, Frankovich adds, that “they can appear very dysfunctional and dis0
6
8
organized, and they can be very aggressive with trying to get their child help.” (Several PANDAS skeptics declined to be interviewed for this story, saying they feared online harassment.) Jonathan Mink, a pediatric neurologist at the University of Rochester Medical Center, attributes the heightened emotions to a mismatch between what families want—an answer, a treatment—and what medical science is equipped to provide: “Some people come up to me and say, ‘I know you’re not a believer in PANDAS,’ and I say, ‘It’s not about believing in PANDAS. I believe in the data, and right now the data on PANS and PANDAS is inconclusive.’” He adds, “The underlying hypothesis is reasonable, but the data is very mixed. So how do we approach things when we physicians are uncertain?” Stanford Shulman, the early PANDAS critic, also stressed the need for better data. “Should all older adults take an aspirin once a day? Because that was dogma for a long, long time,” he says. “But then studies came along in The New England Journal of Medicine, very large studies demonstrating no benefit and potential side effects, so we do have to change our mind.” He adds, “If we’re proven wrong, and really proven wrong, then we have to change our opinions, and that’s true for all medicine.” For the past several years, Frankovich has been trying to raise money and recruit patients for a comprehensive, long-term study of PANS, which would follow 600 children for as long as 12 years. “We need proper funds to provide the kind of robust evidence that could end the controversy,” she says. “My colleagues have applied for NIH grants to study PANS and PANDAS, and despite their proven accomplishments they failed to get government funding. So how do we provide the evidence that this is real?” There are PANS and PANDAS programs at a number of respected academic institutions, including Dartmouth, Massachusetts General Hospital, and—as of recently—UCLA. Most lack enough resources to study the thousands of children who walk through their doors. Late last year, though, a wealthy couple donated $2.4 million to Frankovich’s clinic to fund the completion of a “biorepository.” For now, Frankovich is focused on stocking the biorepository with blood and tissue specimens; she is also collecting MRI and EEG scans and sleep study data that might reveal the disease’s pathways through the immune system. One concern Frankovich and Shulman share is that some practitioners try to capitalize on the medical and scientific uncertainty. They open up cash-only clinics and dangle the promise of a cure. “They promote this idea that this is an easily fixed problem,” he says. “They find a sizable market, and they give therapies that have never been demonstrated to be beneficial. That’s dangerous.” At Stanford, Frankovich says, “we’ve been studying the disease for eight years, and we never promise a cure.”
TIMOTHY AND RITA NEAR THE FAMILY’S HOME IN MARIN COUNTY.
Timothy likens the fighting doctors to gods in a Greek myth, doing battle on Olympus while the mortals down on the ground try to survive. He believes that the PANS treatments have worked for him and that they could do the same for other patients. “I love debate—I’m in the debate club—and I love science,” he told me. “So give people the help they need and keep debating.” Timothy is 14 now. He plays drums in a rock band and acts in school plays, but he still struggles to make sense of his ordeal in the early months of 2017. “I’m seeking absolution,” he says, a process that requires ongoing talks with a therapist. He has been on antibiotics since his diagnosis at age 10, although Frankovich has significant concerns about long-term antibiotic use and is collaborating with a pediatric infectious disease specialist who is managing Timothy’s treatment. In the winter of 2019, Timothy suffered a significant recurrence of symptoms, including obsessive thoughts about contamination, which his doctors said were possibly triggered by another strep infection. At that time, he says, flare-ups of differing severity occurred as often as once a month. Today, he and his parents consider him in remission. Likening doctors to gods, whether those gods are beneficent or truculent, seems fitting for a profession that rules over the bodies of the dying, the voiceless, and the vulnerable. Margo Thienemann, the child and adolescent psychiatrist at the Stanford clinic, teaches her patients’ parents how to engage with the people who choose this profession: Don’t put them on the defensive, don’t appear aggressive or hostile, don’t lead with your own diagnosis, don’t say the words PANS or PANDAS when you first see a doctor, she tells them. “Doctors are used to knowing the answer,” she says. “Doctors are people who got all the good grades in school; they want to be the ones to figure everything out. So if you go in saying, ‘I’m telling you my child has this,’ then the doctor will feel like, who’s the doctor here?” She advises families to “stick to the symptoms, stick to the presentation. If the doctor can come up with the answer, then that’s better for everyone.” But while we wait for proof to possibly sway opinion, children are in limbo, stuck between highly qualified doctors who say these diseases are real and equally qualified doctors who say they are made up. Timothy gushes over Frankovich and the help she offered when he was scared, wary, and sick. She’s a rare kind of god, he says. “That god goes down and tries to help the people. That god is extraordinary.” SEEMA YASMIN (@DoctorYasmin) is a clinical
assistant professor of medicine at Stanford University, director of the Stanford Health Communication Initiative, and author of Viral BS: Medical Myths and Why We Fall for Them.
Illustrations by Mark Harris
A family-run psychotherapy startup grew into a health care giant. Then a hacker started posting patients’ most intimate secrets on the internet. What happened at Vastaamo? by William Ralston
on the morning of October 24, 2020, expecting what Finnish college students call normi päivä, an ordinary day. It was a Saturday, and he’d slept in. The night before, he had gone drinking by the beach with some friends. They’d sipped cheap apple liqueur, listened to Billie Eilish on his boom box. Now Jere (pronounced “yeh-reh”) needed to clear his head. He was supposed to spend this gray fall day on campus, finishing a group physics project about solar energy. The 22-year-old took a walk around the lake near his apartment outside Helsinki. Then, feeling somewhat refreshed, he jumped on the bus. The day went quickly. Jere caught up with his friends, many of whom he hadn’t seen since the pandemic began. They chatted about their Christmas plans, ordered pizzas from a favorite local spot, and knuckled down to work in the cafeteria. At around 4 pm, Jere checked Snapchat. An email notification popped up on his screen. His hands began to shake. The subject line included his full name, his social security number, and the name of a clinic where he’d gotten mental health treatment as a teenager: Vastaamo. He didn’t recognize the sender, but he knew what the email said before he opened it. A few days earlier, Vastaamo had announced a catastrophic data breach. A security flaw in the company’s IT systems had exposed its entire patient database to the open internet—not just email addresses and social security numbers, but the actual written notes that therapists had taken. A group of hackers, or one masquerading as many, had gotten hold of the data. The message in Jere’s inbox was a ransom demand.
“If we receive €200 worth of Bitcoin within 24 hours, your information will be permanently deleted from our servers,” the email said in Finnish. If Jere missed the first deadline, he’d have another 48 hours to fork over €500, or about $600. After that, “your information will be published for all to see.” Jere had first gone to Vastaamo when he was 16. He had dropped out of school and begun to self-harm, he says, and was consuming “extreme amounts” of Jägermeister each week. His girlfriend at the time insisted he get help; she believed it was the only way Jere would see his 18th birthday. During his therapy sessions, Jere spoke about his abusive parents—how they forced him, when he was a young kid, to walk the nearly 4 miles home from school, or made him sleep out in the garden if he “was being a disappointment.” He talked about using marijuana, LSD, DMT. He said he’d organized an illegal rave and was selling drugs. He said he’d thought about killing himself. After each session, Jere’s therapist typed out his notes and uploaded them to Vastaamo’s servers. “I was just being honest,” Jere says. He had “no idea” that they were backing the information up digitally. In the cafeteria, Jere grabbed his bag and told his friends he’d turn in his portion of the physics project the next day. On the bus ride home, he frantically texted his best friend to come over. Then his mother called; as the adult listed on his old account, she’d received the ransom note too. She and Jere were on good terms now, but if she got involved she might learn what he’d said in his sessions. Then, he says, he’d probably lose her from his life completely. He told his mother not to worry. That afternoon, he filed an online police report. Jere poured himself a shot of vodka, then two or three more. He found his vape pen and took a Xanax, prescribed to him years earlier for anxiety. He’d stored a few pills in his bedroom drawer just in case, but he never believed he’d need them again. He passed out shortly after his friend arrived. The next morning, Jere checked Twitter, where he was both horrified and relieved to learn that thousands of others had received the same threat. “Had I been one of the only people to get the mail, I would have been more scared,” he says. Vastaamo ran the largest network of private mental-health providers in Finland. In a country of just 5.5 million—about the same
as the state of Minnesota—it was the “McDonald’s of psychotherapy,” one Finnish journalist told me. And because of that, the attack on the company rocked all of Finland. Around 30,000 people are believed to have received the ransom demand; some 25,000 reported it to the police. On October 29, a headline in the Helsinki Times read: “Vastaamo Hacking Could Turn Into Largest Criminal Case in Finnish History.” That prediction seems to have come true. If the scale of the attack was shocking, so was its cruelty. Not just because the records were so sensitive; not just because the attacker, or attackers, singled out patients like wounded animals; but also because, out of all the countries on earth, Finland should have been among the best able to prevent such a breach. Along with neighboring Estonia, it is widely considered a pioneer in digital health. Since the late 1990s, Finnish leaders have pursued the principle of “citizen-centered, seamless” care, backed up by investments in technology infrastructure. Today, every Finnish citizen has access to a highly secure service called Kanta, where they can browse their own treatment records and order prescriptions. Their health providers can use the system to coordinate care. Vastaamo was a private company, but it seemed to operate in the same spirit of tech-enabled ease and accessibility: You booked a therapist with a few clicks, wait times were tolerable, and Finland’s Social Insurance Institution reimbursed a big chunk of the session fee (provided you had a diagnosed mental disorder). The company was run by Ville Tapio, a 39-year-old coder and entrepreneur with sharp eyebrows, slicked-back brown hair, and a heavy jawline. He’d cofounded the company with his parents. They pitched Vastaamo as a humble family-run enterprise committed to improving the mental health of all Finns. For nearly a decade, the company went from success to success. Sure, some questioned the purity of Tapio’s motives; Kristian Wahlbeck, director of development at Finland’s oldest mental health nonprofit, says he was “a bit frowned-upon” and “perceived as too business-minded.” And yes, there were occasional stories about Vastaamo doing shady-seeming things, such as using Google ads to try to poach prospective patients from a university clinic, as the newspaper Iltalehti reported. But people kept signing up. Tapio was so confident in what he’d created that he spoke about taking his model overseas.
0
7
3
Before “the incident,” Tapio says, “Vastaamo produced a lot of social good.” Now he is an ex-CEO and the company he founded is being sold for parts. “I’m so sad to see all the work done and the future opportunities suddenly go to waste,” he says. “The way it ended feels terrible, unnecessary, and unjustified.”
T
APIO GREW UP in a “peaceful and green” neighborhood in northern Helsinki during a bad recession. His mother, Nina, was a trauma psychotherapist, and his father, Perttu, a priest. His grandparents gave him a used Commodore 64 when he was 10, which led him to an interest in coding. Something in his brain resonated with the logical challenge of it, he says. He also saw it as a “tool to build something real.” The obsession endured: In middle school Tapio coded a statistics system for his basketball team, and in high school he worked for the Helsinki Education Department, showing teachers how to use their computers. Rather than going to college, he set up an online shop selling computer parts—his first business, funded with “a few tens of euros,” he says. A couple of years later, at age 20, he joined a small management consultancy. The idea for Vastaamo came to Tapio when he was working with the Finnish Innovation Fund, a public foundation that invests in solutions to social and environmental problems. The fund sent him on a survey of health care systems in Western Europe. Being his mother’s son, he noticed that the Netherlands and other countries seemed to do a better job of providing mental health services than Finland did; the public system at home was known for patchy coverage and long wait times. Ever the coder, he wondered whether a web-based counseling service would help. It could sell vouchers to cities and towns, which could distribute the vouchers for free to residents. People could use the service anonymously. They wouldn’t have to worry about the stigma of seeking care, and they’d have access anytime, anyplace. In 2009, the Finnish Innovation Fund backed Tapio’s idea with an initial grant of about $12,000. He and his parents used the money—along with more than $13,000 of their own savings—to start Vastaamo, Finnish for “a place where you get answers from.” Tapio registered the company as a social enterprise, meaning that the bulk of its profits would be poured back into its mission to improve mental health services. He would own around 60 percent, and most of the remainder would belong to his parents. Perttu would serve as CEO. Clients could send a message to Vastaamo, and within 24 hours they’d get a personal response from a qualified therapist. (Wahlbeck, of the mental health nonprofit, notes that such services aren’t regulated by the government.) But counseling by internet “was not enough for customers,” Tapio says. Many of them needed access to in-person therapy. One way to meet that need was to grow Vastaamo into a network of brickand-mortar clinics. Tapio planned to digitize whatever he could, from bookings to invoices to medical records—everything but the appointment itself. The idea was that independent therapists would join Vastaamo to avoid dealing with their own administrative headaches. Freed by automation, they’d have more time to spend with clients (and rack up billable hours). To deliver on this vision, Vastaamo needed an electronic medical record system, but Tapio didn’t like the options he found. Either the systems bristled with irrelevant features or they were too tightly tailored to a different area of medicine. The lack of good software, Tapio says, was one of the “main reasons” nobody had done what Vastaamo was about to attempt. Rather than use an existing system, the company designed its own. It launched in late 2012, around the same time Vastaamo’s first in-person clinic opened, in the Malmi district of Helsinki. Tapio wouldn’t go into
A Vastaamo clinic location in Espoo, near where Jere lives.
technical detail about the system, but in court documents he suggests it was browser-based and stored patients’ records on a MySQL server. More important for Vastaamo’s purposes, the interface was easy to use. When therapists applied for a job at the company, they heard all about how much it would quicken their work. But the slick exterior concealed deep vulnerabilities. Mikael Koivukangas, head of R&D at a Finnish medtech firm called Onesys Medical, points out that Vastaamo’s system violated one of the “first principles
0
7
5
of cybersecurity”: It didn’t anonymize the records. It didn’t even encrypt them. The only thing protecting patients’ confessions and confidences were a couple of firewalls and a server login screen. Anyone with experience in the field, Koivukangas says, could’ve helped Vastaamo design a safer system. At the time, though, fears of a breach were far from Tapio’s mind. The summer after Vastaamo’s first clinic opened its doors, he took over as CEO and set the company on a path toward expansion. In 2014 there was a change in the regulations around Vastaamo’s business. The Finnish Parliament decided to split medical information systems into two categories. Class A systems would connect with Kanta, the national health data repository, so they’d need to meet strict security and interoperability standards. Anyone who planned to keep their patients’ records in long-term electronic storage would have to use a Class A system. Smaller organizations, the kind that kept vital records in manila envelopes and filing cabinets, would be allowed to use Class B systems. These weren’t as tightly regulated, in part because they wouldn’t make very interesting targets for a hacker. Class B operators would simply self-certify to the government that their setup met certain requirements. “The government” being, in this case, a single man— Antti Härkönen—whose purview includes all 280 Class B systems in Finland. The new law gave Vastaamo several years to adopt a Class A system. The problem, Tapio says, is that the Finnish government hadn’t specified how psy-
chotherapy practices should format their data. Vastaamo could build a Class A system and plug into Kanta, but there was “no way to stop, for example, general practitioners at health care centers or occupational health physicians from accessing” therapy records, he says. Outi Lehtokari, Kanta’s head of services, pushes back against this claim. “Tapio might have misunderstood how Kanta works,” she says. Patients can choose to restrict access to their information. In any event, on June 29, 2017, Vastaamo registered a Class B system. As Tapio tells it, the company was eager to upgrade to Class A as soon as the government released formatting specs for psychotherapy. But that didn’t happen. Instead, when the specs came out, Vastaamo kept on going with its Class B. Tapio says that Finland’s “supervisory authorities” then signed off on the system “numerous times” in the years ahead. Härkönen, who is one of those authorities, says that to monitor all the Class B systems carefully would be “mission impossible” for him. He adds, however, that there should be more “proactive inspections.” By 2018, Vastaamo was operating nearly 20 clinics and employing around 200 therapists and staff. By the end of 2019, annual revenue had risen to more than $18 million. The company drew the interest of Intera Partners, a Finnish private equity firm, which bought out the majority of Tapio’s and his parents’ stakes. Tapio took home nearly $4 million from the deal. With each new clinic that opened, the original process repeated: Härkönen reviewed Vastaamo’s self-certification and gave the thumbs-up. More patient data flowed into the MySQL server. And the reservoir behind the dam rose a little higher.
T
APIO FIRST HEARD from the hacker on September 28, 2020. The demand was 40 bitcoin, around half a million dollars at the time. The message came to him and a pair of developers he’d hired in 2015, Ilari Lind and Sami Keskinen. Lind was responsible for maintaining the company’s IT systems, including its servers and firewalls; Keskinen was the data protection officer. According to a statement Tapio made to Helsinki District Court, he immediately notified various government authorities, including the police. Lind sifted through Vastaamo’s network traffic logs but reported finding no evidence of a hack. Tapio hired a security company called Nixu to investigate further. Two days later, Tuomas Kahri, COO of Intera Partners and chairman of the board of Vastaamo, sent an email to Tapio to thank him for his diligence in handling the breach. Kahri would later say that some of his own loved ones had been targeted in the attack. In early October, Tapio got another shock. Keskinen and Lind called with a confession: Just before they’d joined Vastaamo, they had been arrested as part of a security breach at Tekes, the Finnish Funding Agency for Technology and Innovation. Lind had discovered that he could download Tekes’ entire database, containing information on as many as 20,000 companies, by changing the URL on a funding application. He informed Tekes, which fixed the vulnerability—but he also notified Keskinen, who downloaded the database. There
was a pretrial investigation for aggravated fraud, breach of confidentiality, and burglary, but the prosecution could not establish that Lind and Keskinen had used the database for financial gain. Tapio says that if he had known about the two men’s histories, he would never have hired them. (Keskinen and Lind declined to comment.) As it was, though, he had more pressing problems to worry about. On the morning of Wednesday, October 21, the hacker posted a message on Ylilauta, an anonymous public discussion board. “We have attempted to negotiate with the Ville Tapio, the CEO of vastaamo, but he has stopped responding to our emails,” they wrote in English. Until they got their 40 bitcoin ransom, they were going to leak 100 patient records each day. The first batch was already up on a Tor server. Anyone who wanted to could go read them. The hacker started emailing with Henrik Kärkkäinen, a reporter at the newspaper Ilta-Sanomat. To prove they were the real McCoy, they uploaded a file to the Tor server called “henrik.txt”—a snippet of their exchange. In emails to Kärkkäinen, the hacker scorned Vastaamo: A company with security practices that weak was the real criminal, he recalls them writing. They claimed to have been sitting on the stolen database for 18 months, unaware of its value. When Ylilauta’s moderators removed the posts, the conversation migrated to Torilauta, a popular discussion forum on the dark web. The hacker took on a name: ransom_man. At least one desperate person offered to pay the full 40 bitcoin. Another wrote, in English, “I have discussed about very private things with my therapist and will literally kys myself if they are released.” They had their bitcoin ready: “I can send it in minutes, I’m constantly refreshing this page.” About 30 payments ended up going to the hacker’s Bitcoin wallet, according to Mikko Hyppönen, the
0
7
7
chief research officer at F-Secure, a global cybersecurity company. It is unclear whether ransom_man actually deleted anyone’s information. The hacker did follow through on another promise, however. On October 22, they leaked 100 more patient records. Some belonged to politicians and other public figures. They contained details about adulterous relationships, suicide attempts, pedophilic thoughts. The next batch came around 2 am the following morning. The hacker also put all the records they’d leaked so far into a single file called “Vastaamo.tar.” And then something strange happened. Ransom_man replaced the first “Vastaamo.tar” with a much bigger one. It was 10.9 gigabytes—the entire leaked database. This file also contained a Python script that the hacker had used to organize the therapy records. The 10.9 GB upload seems to have been a mistake, because it disappeared in a matter of hours, along with the entire Tor server. Some speculated that Vastaamo had paid the 40 bitcoin, though company officials denied it. Either way, ransom_man soon changed tactics and started extorting individual patients. This was unusual. Most of the time, cybercriminals go after institutions, according to Hyppönen. He knew of only one earlier instance of patients being singled out—in late 2019, after a breach at the Center for Facial Restoration in Miramar, Florida. (Since the Vastaamo attack, he adds, two other hacks have also targeted patients of plastic surgery clinics.) “Most attackers want money, and health care data is not directly monetizable,” Hyppönen says. But with real-world examples of the crime paying off, he adds, “it could become more common.” Vastaamo reacted by offering patients a free counseling session. Therapy continued as normal. One patient says her therapist advised her to consider that not everything being said in the news was true. Some patients picked up a physical copy of their records, to learn what had been stolen, and others joined Facebook groups dedicated to victim support. Jere, however, opted not to; he wanted to minimize his online presence. He changed his phone number and purchased
ON E V ICTI M HAD THE IR
BI TC O IN R A N S OM AT T HE REA DY.
“I CA N S E ND I T I N MI NUT ES ,” T HEY WROT E. “ I’ M CO NSTANT LY R E F RES H ING T HIS PAGE .”
credit protection. He never seriously considered paying the hacker, he says, because “there was absolutely no guarantee they would obey” their own terms.
O
N THE MONDAY after the breach became public, Tapio went to Vastaamo headquarters in Helsinki. He’d been summoned there by Tuomas Kahri, the Intera COO who a month earlier had thanked him. Instead of speaking to Tapio face to face, Kahri had a consultant hand him a letter. It said that Tapio’s contract as CEO was terminated. Hours later, the company announced Tapio’s dismissal. Shortly after that, in response to a legal motion filed by Intera, the Helsinki District Court ordered the temporary seizure of $11.7 million worth of the Tapio family’s assets—exactly what Intera had paid for its share of Vastaamo. Kahri declined several requests to comment on Intera’s claims, but
A Vastaamo clinic location in Turku.
they’re described in public (albeit redacted) court documents. In its filings, Intera says it became aware of two previously unreported breaches at Vastaamo, in late 2018 and the spring of 2019. The second date fell shortly before the buyout went through. “Based on the information received so far, it is reasonable to assume that Ville Tapio was aware of the breach,” Intera argues. Not only that, but he “sought to conceal” it. Intera wanted to dissolve the transaction and reclaim the purchase price. Tapio, as the defendant, submitted written testimony in rebuttal. He claims to have been blindsided by the news of the 2019 breach. The reason he didn’t find out about it at the time, he writes, is that Keskinen and Lind—the “system architects”—never told him about it. On the morning of March 15, Vastaamo’s servers crashed and the patient database was replaced with a blackmail message. Tapio notified staff of the crash at 11:18 am, but no one appears to have discussed the possibility of a breach in either of the reports submitted to the government. According to Tapio’s testimony, Keskinen and Lind—who shared an administrator account—told him that the crash might have been caused by some minor adjustments they’d made shortly beforehand. But he says that Nixu, the cybersecurity company he hired in September, found something else: The shared account read the ransom message and deleted it. In Tapio’s version of events, then, whoever was using that account covered up the March breach. And the reason they did it, he contends, was to conceal a vulnerability they’d created themselves—one that had left Vastaamo’s patient database “without firewall protection” for more than a year. There were supposed to be three levels of security surrounding the database, Tapio tells me: one firewall at the network level, which blocked connections from the public internet; another around the individual server that stored the patient database; and the server configuration itself, which prevented connections from outside accounts. In November 2017, Lind spent a few hours configuring the server to allow remote access. Tapio believes that Lind and KesWILLIAM RALSTON (@RalstonWilliam9)
is a writer based in London.
kinen wanted to be able to manage the server from offsite, and that instead of going to the trouble of setting up a VPN, they simply peeled back the firewalls. “Those are two professionals that know much more about the network and firewall and server management than I,” Tapio says. “I was not responsible.” Keskinen and Lind have not testified in the Intera case. They declined to comment on Tapio’s numerous allegations. Until the dispute is resolved, the $11.7 million that Intera wants back—the fortune that Vastaamo built—will remain frozen.
I
N EARLY JANUARY of this year, the Vastaamo patient database reappeared on at least 11 anonymous file-sharing services across the public internet. The file contained all the same records as before but was a fraction as big, so it spread easily. Without an accompanying message, the motivations for the upload are hard to discern—but it did appear fewer than 48 hours before Vastaamo’s board was due to discuss the company’s future. Was this a spiteful push to bring the company down? If so, then it was a success. On January 28, Vastaamo was put into liquidation, and it filed for bankruptcy two weeks later. In early March, its staff and services were transferred to Verve, a provider of occupational welfare services. The acquisition did not include Vastaamo’s customer data, and Verve will use a Class A system. Almost immediately after the hack happened, Parliament fast-tracked legislation that would allow victims like Jere to change their social security numbers in case of a serious breach. But patients were spooked, one counselor told the newspaper Helsingin Sanomat. “Not everyone who needed help may have sought treatment,” he said. Some argue that therapists should never be able to enter session notes into Kanta; now more than ever, patients will not risk having their data travel beyond the consultation room. In wider medicine, Koivukangas says, the Vastaamo scandal has highlighted the “unmet demand” for electronic medical record systems that are scalable, easy to use, and—crucially—secure. This is an area ripe for disruption, he says, and “prior to this breach, many thought with good reason that Vastaamo would’ve been one of those disruptors.” Until the marketplace improves, he says, expect more bespoke solutions, and more breaches. Unless ransom_man is caught and the Finnish authorities sort out everything that happened at Vastaamo, it will be impossible to know exactly how “the incident” began. Would it have happened, for example, if Finland had been more proactive in policing electronic medical systems? Or if Tapio had implemented a more secure system? What’s clear is how it ended—in the most painful way possible for tens of thousands of patients. As more health care systems across the world go digital, the risk of that outcome rises. “Being honest about my mental health turned out to be a bad idea,” Jere says. He worries about identity theft, about some debt collection company calling him out of the blue and demanding tens of thousands of euros. He worries that his history of teenage alcoholism, so well documented on the web, will make it hard for him to find meaningful work as an adult. And he still worries that his mother may read his file one day. It’s somewhere in the ether, accessible to anyone.
Nobody h as h e a r d o f t he sc i -f i w r i t er
R. A. L AF F ERT Y — e xc e pt f o r a ll y o u r fa vo r i te s c i- f i w r i te r s .
BY
J a s o n Ke h e
ILLUSTR ATIONS BY SAM WHITNE Y
29
06
A GIGANTICAL TALE OF
LAFFERVESCENT GENIUS
Just kidding. Sort of. The sci-fi writer R. A. Lafferty used to make claims like that. For most of his career, he’d tell people he was “the best short story writer in the world.” Smart move, in theory. Makes you want to read him. We’re suckers for superlatives. Best, greatest, most important. When Lafferty did it, he was joking. He was also being perfectly serious. Everything Lafferty put his name on was outrageous, insidery, and truth-seeking: a serious joke. But then, so is life itself. Therefore, Lafferty might be right. He might really be the best there ever was. Just one problem: Nobody reads him. They didn’t when he was alive, and they don’t now that he’s dead. It’s a clickbait cliché falling somewhere between desperate and insulting to say so-and-so is the greatest such-andsuch you’ve never heard of, but in this case, it happens to be true. Ask your nerdiest friends if they’ve ever encountered a Raphael Aloysius Lafferty in their cosmic travels. They haven’t, and a name like that sticks with a person. Even people who’ve heard of people other people haven’t heard of are people who haven’t heard of him. Lafferty didn’t just write possibly the best short stories in the world, of which more than 200 were published by various pulps and small presses in his lifetime. He also wrote 36 novels, which is a lot and which nobody, not even Lafferty, has ever put in the category of best. (A tragic mistake.) Of them, only four merit entries on Wikipedia; fewer than that are currently in print. The Wikipedia page for Serpent’s Egg, a late-career work that came out in 1987 and fell into obscurity promptly thereafter, includes what might be the most fitting plot summary not only of a Lafferty novel but of any novel ever written. As of February 24, 2021, at 3:22 pm, it reads, in its entirety: “Serpent’s Egg is a novel in which .” This is exactly right. It could be a typo, but maybe it’s not. A joke, but also highly serious. Look at the awkward, breathtaking space the ghostly editor added before the period. In which—GASP, the end. The question is, do we dare to fill it in?
0
8
2
Illustrations: Photo by H. Armstrong Roberts/ClassicStock/Getty Images
WHAT FOLLOWS WILL BE THE BEST ARTICLE YOU’VE EVER READ ABOUT WRITING AND SCIENCE FICTION.
OK, so a select few have read Lafferty, a secret society of loonies whose names you probably do recognize. Neil Gaiman. Ursula Le Guin. Samuel Delany. Other sci-fi writers, in other words. R. A. Lafferty has always been, then, a sci-fi writer’s sci-fi writer—a blurry, far-out position to find oneself in. When comedians hang out, they famously have to commit acts of borderline criminality, usually involving nudity and great heights, to get each other to bust up. So just think what absurdities a sci-fi writer has to conjure in order to gobsmack his fellow sci-fi writers—who actually are, by much wider consensus, some of the best in the world. The descriptor they tend to resort to, as if by no other choice, is sui generis, dusty old Latin for “one of a kind.” It’s probably the most common phrase associated with Lafferty (incidentally a self-taught student of Latin), and it appears not once but twice in The Best of R. A. Lafferty, which Tor published earlier this year to nonexistent fanfare and which, in keeping with the man’s self-aggrandizing sense of humor, should’ve been called The Best (of the Best) of R. A. Lafferty. Each of the 22 short stories is introduced by a writer often far more famous than Lafferty ever was, including Gaiman and Delany, and also John Scalzi, Jeff VanderMeer, Connie Willis, and Harlan Ellison (who’s dead; his piece was originally published in 1967). Ellison—whose fellow Ellison,
Ralph, wrote Invisible Man—says this of Lafferty: “He is the invisible man.” Nice. It is now time to expose you to some of Lafferty’s writing, which will begin to illuminate his chronic invisibility. So much of his output is dangerously unquotable outside its immediate context, because it depends for its effect on the words flying madly around it, but occasionally a paragraph pops up that makes about as much sense within the story as without and is therefore safer for the plucking. Here’s one, from “Selenium Ghosts of the Eighteen Seventies,” Lafferty’s alternate history, published in 1978, of television: There seemed to be several meetings in this room superimposed on one another, and they cannot be sorted out. To sort them out would have been to destroy their effect, however, for they achieved syntheses of their several aspects and became the true meeting that never really took place but which contained all the other meetings in one theatrical unity. Don’t go away! On first read, yes, it’s nonsense, but this is the experience of experiencing Lafferty. He doesn’t make any sense, until you decide, and you must decide, that he does. Then, suddenly, he becomes a genius. Read the paragraph again. What’s he talking about? Today, you might realize he’s predicting Zoom: a main meeting full of individual nonmeetings taking place in chats and side slacks that together constitute a constant and overarching supermeeting! Tomorrow, it’ll sound like something else entirely. However you read him, you can’t read Lafferty quickly, because he literally won’t let you. He speeds up his stories, his sentences, his mythopoetic thoughts so that you all but have to slow yourself down. In “The Primary Education of the Camiroi,” he documents the education system of a neighboring planet, whose students can outthink Earthly postdocs by the equivalent of their elementary school. When
a young Camiroi girl is asked how rapidly she can read, she says she used to read an astonishing 4,000 words a minute. “They had quite a time correcting me of it,” she then admits. “I had to take remedial reading, and my parents were ashamed of me. Now I’ve learned to read almost slow enough.” You begin to see why people, even professional wordsmiths, fumble their way toward talking about Lafferty, a writer’s writer who wants to retrain the way his readers read. So instead, they invoke phrases like sui generis—or, just as often, can’t help but use the name of the artist to describe the work itself. A Laffertarian might refer to Lafferty’s short stories as Laffervescent Lafferties in the Laffertian genre of Laffertiana at the annual LaffCon. All of those eponymous autologies have been used by real people in real writing about Lafferty, seemingly because no other words would do. Lafferty would Lafferlove this (#laffoutloud). Among his many intellectual hobbies was etymology, and he had, he once said, “a rough reading knowledge of all the languages of the Latin, German, and Slavic families, as well as Irish and Greek.” One of his favorite writerly moves was to force his readers to think about where his words were coming from: “Thunder-struck,” he once wrote of certain imperiled characters, “they were literally astonished (which is the same thing latinized).” Huh? What’s that mean? Then you look up the word astonished—and realize that it literally comes from the Latin for “to thunder.” Nothing about Lafferty’s style is ordinary. He averages approximately one exclamation mark a page. He likes to address his readers as people. His favorite words, based on frequency of use, include shaggy, ensorcel, and obtain. Not obtain in the obvious, transitive sense of “to get,” no no, but in the less familiar, more philosophical, intransitive sense of “to succeed” or “to prevail.” As in, Lafferty does not obtain for most readers, perhaps because he often invents words outright. Novanissimus. Mithermenic. Runningest. Giganticals. Some are weirder than others. All are, in theory, parseable. But you don’t have to work them out if you don’t want to. In 0
8
4
fact, is all this linguistic babble—this “silvery gibberish,” as Lafferty would say— making it sound as though he’s difficult to read? Torturous? Impenetrable? Here’s the secret, people: He’s not. Not really. In some ways, he’s the easiest of them all.
UNLIKE, say, a Neil Gaiman type, Lafferty did not grow up reading much science fiction and fantasy. Nor did he dream of becoming a writer—he wouldn’t publish a word until his mid-forties. Born in Iowa in 1914, he was 4 or 5 years old when his family moved to Tulsa, Oklahoma, and, with the exception of the time he spent fighting in World War II, he lived there for the rest of his life. Not a lot is known about that life; the number of Lafferty scholars can be counted on one (half of a thumbless) hand. He was politically conservative and a devout Catholic who went to mass every day, and he worked for many years as an electrical salesman and technician. Some ways he described himself: left-handed, a fat man, a compulsive walker, not very interesting. Ways others described him: shy, soft-spoken, eccentric, brilliant. He never married and lived with one of his sisters. He seemed to consider women near-mystical beings. A minority in his stories, they’re nonetheless always
there, electric and extraordinary: often his very best characters. Lafferty was also an alcoholic. The reason he took up writing, he said, was to cut back on drinking, that “tricky old animal.” It’s unclear the extent to which he was successful in this. Over the course of his career, he was nominated for a handful of awards and won one Hugo, for the short story “Eurema’s Dam,” which he considered average but which remains the best portrait of a tech CEO ever written. “Albert hadn’t been a very well-adjusted adolescent, and he hated the memory of it,” Lafferty writes. “And nobody ever mistook him for an adjusted man.” Lafferty seems to have been talking about himself there, too; he once suggested he was “somehow deficient or lacking in person or personality.” On his occasional trips to sci-fi conventions and awards ceremonies, where he shocked readers by being much older than they thought he was, he was known to imbibe a little too freely. Helped him get over his shyness, friends said. And Lafferty’s writing does have a kind of mad-drunk clarity to it. This is not to say he wrote under the influence; apparently he never did. But there’s a moment before incapacitation, but after considerable consumption, where a drinker’s thoughts seem to sharpen, heighten, and laser in, and that’s the state Lafferty sustains, somewhat impossibly, in his prose. It rambles, it sweats, it nearly collapses, but then it triumphs and takes a bow. As he once
Used by permission of Special Collections & University Archives, University of California, Riverside
LAFFERTY AT THE 29TH WORLD SCIENCE FICTION CONVENTION IN 1971.
As Harlan Ellison said of Lafferty, “He is the
I NVI SIB LE MAN.”
so loopingly, lapidarily put it: “One does whatever one can for oneness that is greater than self.” You feel no pressure, reading a Lafferty. It’s like listening to a street preacher hold forth—you choose how and what to hear. The little that’s been written about him overemphasizes his religious and political beliefs, which are indeed all over his stories, but only if you want them to be. If you don’t, they’re simply tall tales, supremely well told—and many, about Native landowners (“Narrow Valley”), the speeding up of the technologized world (“Slow Tuesday Night”), and the fear of death (“Old Foot Forgot”), don’t feel Catholic or conservative at all. “Nine Hundred Grandmothers” follows a cultural anthropologist who travels deep underground on an alien planet to meet tinier and tinier ancient grandmas so he can discover the origin of life. (When he gets there, they laugh in his face.) In “Boomer Flats,” scientists search for Abominable Snowmen at the bottom of a muddy river. Possibly Lafferty’s all-time best (of the best) is “Thus We Frustrate Charlemagne,” in which a sentient robot serpent aids foolish humans in traveling, and inadvertently erasing themselves, through time. It’s simple, ingenious, and completely hysterical. By 1970, at age 56, Lafferty retired from electrical jobbing to write fulltime. He became “moderately successful,” as he put it. “It didn’t put me on easy street, but it put me on easy alley.” He didn’t have a style that grew more apparent and solidified over time, simply because his style was fully set from the beginning. The literal would always slip into the metaphorical and back again. Children would always talk like the smartest adults. Random characters would always be introduced only to die a sentence later—it was as if an occult hand had placed them there for reasons even beyond Lafferty’s knowing. Only people who already thought about writing all day seemed to fully get it. None of it made sense, all of it made sense, and he became the best short story writer in the world. And all the while, he was also writing a bunch of insane novels.
AN early editor of Lafferty’s told him two things: (1) Every story should start with a bang; and (2) never give a reader longer than 15 seconds before you “jerk him back.” So when Lafferty went to write his first novel, Past Master, published in 1968, he began it this way: The three big men were met together in a private building of one of them. There was a clattering thunder in the street outside, but the sun was shining. It was the clashing thunder of the mechanical killers, ravening and raging. They shook the building and were on the verge of pulling it down. They required the life and blood of one of the three men and they required it immediately, now, within the hour, within the minute. Three bangs, basically. And never a moment to breathe. It carries on like this for 200 pages. Simply put, Lafferty’s books are his short stories stretched profoundly past breaking, which is perhaps why he thought of them as inferior. “Choppy” was the word he used, in a 1983 interview with Amazing magazine. This is both literally true—his third book, Space Chantey, a retelling of The Odyssey as a space opera in which one Captain Roadstrum spends years trying to return home to “Big Tulsa the marvelous, the Capital of the World,” is so choppy it makes you space-sick—and also irrelevant to their heady pleasures. His novels all but implode with ideas. When the “three big men” of Past Master realize their perfect future utopia on the planet of Astrobe is about to collapse, they look around for a savior, eventually settling on a figure from Earth’s past: Thomas More, the 16th-century humanist who, before being beheaded by the King of England on charges of treason, wrote what’s regarded as the first work of utopian fiction. What the Astrobe men don’t realize is that More’s Utopia was, Lafferty maintains, a sat-
ire, which Past Master also becomes: a critique of sci-fi utopias as a satire of a satire! To get to Earth, the hero Paul has to use “Hopp-Equation travel,” during which he becomes left-handed, experiences a “total reversal of polarity,” and hallucinates the events of the rest of the novel. It all ends both fantastically and also, somehow, historically. Lafferty loved history. In fact, he preferred it to science fiction. Sci-fi was never native to him; those were simply the stories of his that sold early in his career, so he kept it up, mostly ignoring what others were doing and being, he said, “a little bit stubborn about writing my own stuff.” Over time, though, he seems to have realized the connection science fiction has to myth and history. Growing up, Lafferty was surrounded by stories—tall tales his father would spin to entertain the family, “old Indian stories” that his mother picked up as a school teacher of Native students in Oklahoma. When he became a writer, he found himself doing the same thing.
In 1972, Lafferty published one of his rare non-sci-fi novels, Okla Hannali, a history of the Choctaw Indians in the 19th century. A subset of the few (mostly writers) who have read it consider it an American classic on a par with Huck Finn and Bury My Heart at Wounded Knee, and it’s the only one of his books that’s consistently in print. (A division of Hachette UK published a rather sad-looking omnibus edition of three others, including Past Master and Space Chantey, in 2018.) In an introduction, Geary Hobson, a professor of English at the University of Oklahoma and the editor of The Remembered Earth: An Anthology of Contemporary Native American Literature, calls it “a rather unusual, totally extraordinary book.” It’s straighter than his sci-fi, perhaps, being based on real people, but it’s still classic Lafferty: formally inventive, mythopoetic, word-centric. The last bit of Lafferty you read here should be this, one of Okla Hannali ’s most startling passages:
Every s o of t e n s omeon e di sco ve rs him , a n d
CE RTAIN DE ST INIE S s ubtl y sh if t.
There is an interesting question in the Summa of St. Thomas Aquinas and also in an old science fiction story, the name of which I forget, concerning the paradox of free will and predestined fate. It asks whether a man in making a great decision that will forever set the seal on his future does not also set the seal on his past. A man alters his future, and does he not also alter his past in conformity with it? Does he not settle not only what manner of man he will be, but also what manner of man he has been? The science fiction story he’s referencing could, slyly, be his own—“Thus We Frustrate Charlemagne”—but it needn’t be. The point is that Native myths, Catholicism, and science fiction all ask versions of the same question: How preordained is destiny? In a single paragraph, Lafferty elevates sci-fi to the level of theology and ultimate truths, and unifies his entire artistic and thematic project in the process. Lafferty would write many more novels, some historical, most science fictional, all squirming inside the rigidity of categorization. He’d stop writing, due to health issues, in his seventies, and die, with almost all of his work out of print, in 2002. But every so often, someone discovers him, and certain destinies, both his and others’, subtly shift. Neil Gaiman will mention him in a blog post, sending a few readers off to find an affordable old copy of, say, Not to Mention Camels or Serpent’s Egg. (Good luck.) Or Jeff VanderMeer will include him in a new anthology, reminding those in the know of Lafferty’s deep, continuing influence. Samuel Delany has suggested that some of the genre’s worthiest books, such as his Triton and Le Guin’s The Dispossessed, are rooted in Lafferty’s strange un-utopias. Lafferty pushed them, as he did many others, to think bigger and weirder about the possibilities of the fantastic. Maybe that’s the final reason for Lafferty’s microfame as the sci-fi writer’s truest sci-fi writer. He did what the others couldn’t, and still can’t, do: He talked not only about the future but as the future, in a language truly outside the immediacies of time. Reflecting on his body of work, Lafferty once said he wasn’t so much writing individual stories as “one very very long novel,” with recurring characters and settings, that he’d never quite be able to finish. He called this hypothetical supernovel A Ghost Story, one forever haunted by gaps and hopes and spaces before the period. It is a novel, perhaps more than any other in the history of the world, that is about the fate of that world, the fate of us all. It is unknowable and incomplete. It is, in the end, a novel in which .
Jason Kehe (@jkehe) is a senior editor and culture
critic at wired . He writes about sci-fi/fantasy, animation, and the philosophy of technology.
Liabilities that helped get this issue out: Living above a chronically broken train track and the daily jackhammering, excavating, and surface drilling that comes with it; new apartment + Craigslist + Facebook Market place; Reese’s Peanut Butter Eggs next to the checkout lane; wearing slides in the Sonoran Desert; 50 grand of law school debt; an unplayed guitar and other abandoned pandemic hobbies; poor posture plus a year of commuting from the chair to the couch and back; bad puns, preserved via text; the mess of wires for every electronic device in creation crowding the floor of my child’s room; preor dering books and then forgetting about them; a sudden and deep interest in mezcal. is a registered trademark of Advance Magazine Publishers Inc. Copyright ©2021 Condé Nast. All rights reserved. Printed in the USA. Volume 29, No. 6. wi r e d (ISSN 1059– 1028) is published monthly, except for the combined July/August issue, by Condé Nast, which is a division of Advance Magazine Pub lishers Inc. Editorial office: 520 Third Street, Ste. 305, San Francisco, CA 941071815. Prin cipal office: Condé Nast, 1 World Trade Cen ter, New York, NY 10007. Roger Lynch, Chief Executive Officer; Pamela Drucker Mann, Chief Revenue & Marketing Officer, US; Jackie Marks, Chief Financial Officer. Peri odicals postage paid at New York, NY, and at additional mailing offices. Canada Post Publications Mail Agreement No.40644503. Canadian Goods and Services Tax Registra tion No. 123242885 RT0001. wi r e d
POSTMASTER: Send all UAA to CFS (see DMM
707.4.12.5); NONPOSTAL AND MILITARY FACILITIES: Send address corrections to wi r e d , PO Box 37617, Boone, IA 500370662. For subscriptions, address changes, adjust ments, or back issue inquiries: Please write to wi r e d , PO Box 37617, Boone, IA 500370662, call (800) 769 4733, or email subscriptions@ wi r e d .com. Please give both new and old addresses as printed on most recent label. First copy of new subscription will be mailed within eight weeks after receipt of order. Address all editorial, business, and production correspondence to wi r e d Magazine, 1 World Trade Center, New York, NY 10007. For per missions and reprint requests, please call (212) 630 5656 or fax requests to (212) 630 5883. Visit us online at www.wi r e d .com. To subscribe to other Condé Nast magazines on the web, visit wi r e d .condenet.com. Occasion ally, we make our subscriber list available to carefully screened companies that offer prod ucts and services that we believe would inter est our readers. If you do not want to receive these offers and/or information, please advise us at PO Box 37617, Boone, IA 500370662, or call (800) 769 4733. is not responsible for the return or loss of, or for damage or any other injury to, unsolicited manuscripts, unsolicited art work (including, but not limited to, drawings, photographs, and transparencies), or any other unsolicited materials. Those submit ting manuscripts, photographs, artwork, or other materials for consideration should not send originals, unless specifically requested to do so by wi r e d in writing. Manuscripts, photographs, artwork, and other materi als submitted must be accompanied by a selfaddressed, stamped envelope.
wi r e d
0
8
7
SIX-WORD SCI-FI: STORIES BY WIRED READERS
WIRED 29.06
IN SIX WORDS, WRITE A REVIEW OF A FUTURE WORK OF ART:
IT TICKLED ALL OF MY SENSES.
Jacky Reif via Facebook
↙
SO THAT’S AN AI SELF-PORTRAIT? —JASON COHEN, VIA FACEBOOK I PREFER BOSTON DYNAMICS’ EARLIER WORK. —@SSCARSDALE, VIA TWITTER
Honorable Mentions 0
8
8
NFT OR NOT, IT IS GREAT. —PETER BOERSMA, VIA FACEBOOK NOT AS GOOD AS BANKSY’S VIRUS. —SIMON O WRIGHT, VIA FACEBOOK
BRAVE TO SHOW AN UNFILTERED CANVAS. —@ALCESTRONAUT, VIA TWITTER NOT WHAT TELEPORTATION WAS INVENTED FOR. —@ARTURO_THRDEZ, VIA TWITTER SHAME MORTALS WILL NOT APPRECIATE IT. —@ASYLBEK0205, VIA INSTAGRAM REMINDS ME OF THE BEFORE TIMES. —JACQUELINE JAEGER HOUTMAN, VIA FACEBOOK
Every month, we ask for a new six-word story on Facebook, Twitter, and Instagram. Submit your ideas there, along with the hashtag #WIREDSIXWORD. And visit the archive at wired .com/ six-word to see how we’ve illustrated our favorites. ILLUSTRATION / VIOLET REED
JON RIMANELLI Founder and CEO, ASX.US