This week we talk about STELLARWIND, 9/11, and the NSA.

We also discuss warrantless surveillance, intelligence agencies, and FISA.

Recommended Book: Period: The Real Story of Menstruation by Kate Clancy

Transcript

Immediately after the terrorist attacks in the US on September 11, 2001, then President George W. Bush gave his approval for the National Security Agency, the NSA, to run a portfolio of significant and ever-evolving cross-agency efforts aimed at preventing future attacks of that kind, scale, and scope.

The thinking behind this collection of authorizations to various US intelligence agencies, which would operate in tandem with the NSA, was that we somehow didn't see this well-orchestrated, complex plan coming, and though revelations in later years suggested we kind of did, we just didn't act on the intelligence we had, in those early, post-attack days, everyone at the top was scrambling to reassure the country that things would be okay, while also worrying that more attacks from someone, somewhere, might be impending.

So the President signed a bunch of go-aheads that typically wouldn't have been signed, and the government gave a lot of power to the NSA to amalgamate the resulting intelligence data in ways that also wouldn't have previously been okay'd, but that, in those unusual circumstances, were considered to be not just acceptable, but desirable and necessary.

This jumble of intelligence service activities, approved by the president and delegated to the NSA, became known as the President's Surveillance Program, and they were kept secret, in part because of how unprecedented they were, and in part because those in charge didn't want to risk their opposition—those they knew about, like Al Qaeda, but also those that might be waiting in the wings to attack the US while it was perceptually weakened and vulnerable—they didn't want to risk those entities knowing what they were doing, what they knew about, how they were collecting data, and so on.

The info that was gleaned via these programs was compiled and stored in an SCI, which stands for Sensitive Compartment Information, and which refers to a type of document control system, a bit like Top Secret or Classified, in that it allows those running it to set what level of access people must have to view, process, use, or even discuss its contents, and this particular SCI was codenamed STELLARWIND.

Among other activities, the programs feeding data into the Stellarwind SCI mined huge databases of email and phone communications, alongside web-browsing and financial activities; all sorts of tracking information that's collected by various components of intelligence, law enforcement, and other government and government-adjacent services were tapped and harvested.

All of this data was then funneled into this one program, and though the degree to which this much information is useful up for debate, because having a slew of data doesn't mean that data is organized in useful ways, in 2004 the US Justice Department discovered that the NSA was not just collecting this sort of data when it was connected to foreign entities or entities that have been connected to terrorism, it was also collecting it from sources and people, including just average everyday Americans and small businesses that were doing no terrorism at all, and which had no links to terrorism, and it was doing so on American soil.

After this discovery, then-President Bush said, well, the NSA is allowed to do that, that's fine, but they can only look at collected metadata related to terrorism—so they can collect whatever they want, sweep up gobs of information, file-away whatever drifts into their expansive and undifferentiating nets, but they're not allowed to look at and use anything not related to terrorism; and with that clarification to keep the Justice Department from doing anything that might hinder the program, the president reauthorized it that same year, 2004.

There was disagreement within the government about the legality of all this, some entities saying that warrantless wiretapping of American citizens was illegal, even if the collected data was supposedly unusable unless some kind of terrorism connection could be ginned up to justify it. But those in charge ultimately decided that it would be irresponsible not to use these wiretapping powers the NSA wielded to protect American lives, and even said that Congress had no power to stop them from doing so, because it fell within their wheelhouse, that of defense against potential future foreign attack.

All of the President's Surveillance Programs officially expired on February 1 of 2007, but new legislation that same year, and more in 2008, extended some of these activities, all with the justification of protecting the US from future terrorist attacks, and in 2009, a report published by the Inspectors General of the country's intelligence agencies found, in essence, that the now-retired President's Surveillance Program went way beyond what was allowed, in terms of collecting this sort of data without a warrant, and indicated that there was little oversight keeping folks from looking at data they weren't supposed to be looking at, while also indicating that the program probably wasn't very effective—so there was all this data, collected on dubious legal grounds, approved during a period of fear and perceived vulnerability, that was also becoming this a major headache for folks concerned about what amounted to a big, secret surveillance program that was targeting the very people it was supposedly meant to protect from terrorism, all in the pursuit of purported security benefits that were more theoretical than real.

A former NSA codebreaker went on the record with WIRED magazine in 2012, outlining how the NSA was surveilling Americans in this way, which got the codename Stellarwind into the press as a consequence, and the following year, in 2013, the Washington Post and The Guardian published a draft of that 2009 Inspector General report that said the program was going far beyond the bounds of what was legal and right and effective—that draft leaked by NSA employee and subcontractor Edward Snowden.

Further revelations based on that leak came out in 2014, at which point there was abundant public evidence that much of what was happening within the Stellarwind program was kept secret even after supposed earlier divulgences, and a lot of it was seemingly very illegal, though this program still functions in various capacities and at various scales, even now, in 2024.

What I'd like to talk about today is a portion of the Stellarwind program that was recently extended, though not without controversy and pushback.

—

The Foreign Intelligence Surveillance Act, or FISA, was passed in 1978 in response to the fairly brazen and regular violations of Americans' privacy under the Nixon administration; namely that his government regularly spied on, and used intelligence and law enforcement services to mess with, political and activist groups that Nixon didn't like.

FISA was meant to establish guardrails for when and how that sort of surveillance could be conducted, who could access the relevant data, and how it could be used—though notably, all of this applied to collecting intelligence in US territory; the rules are a lot looser when it comes to surveillance of non-americans in other countries.

Among other things, FISA established the Foreign Intelligence Surveillance Court, which is a court that decides who can use these tools and access this data—they oversee the divvying-out of surveillance warrants—and FISA was the basis for all those President's Surveillance Programs following 9/11; so it was meant to prevent abuses of surveillance and intelligence tools by the US government against its citizens, and this general framework was used as a scaffolding for those enhanced surveillance powers the government gave itself after the 9/11 attacks; it was also a primary resource for those who found all those post-9/11 additional powers to be illegal oversteps.

One evolution of FISA following September 11 was the introduction of what's called Section 702, which is provision that allows the US government to undertake targeted surveillance efforts against non US citizens outside the US, leveraging the full weight of the US government to do so, including but not limited to coercing telecommunications companies, like internet or phone companies, to hand over whatever data and recordings and such they might have available.

Section 702 is meant to be very targeted and specific, never allowing the surveillance of any US citizen, anywhere, any person from any country who's in the US, or any foreign person located anywhere on the planet who is communicating with a US citizen—which is a technique that was previously leveraged by some components of Stellarwinds, the idea being that if you wanted to surveil an American but had no evidence they have links to terrorism, you would just capture their phone calls and other communications with non-Americans, and you'd be good to go.

There's a fairly rigid set of protocols involved in using Section 702 for surveillance, including Department of Justice oversight on every targeting request, and opportunities to deny the collection of, or subsequent access to data that is collected by a sequence of analysts who are disconnected from those requesting said data.

That's what the rules and processes for this provision say, anyway.

In practice, Section 702 has allegedly been used to track members of Congress, journalists, victims of various sorts of crime, political donors, and protestors—targeting them for surveillance, but also used to search existing data that's already been collected, baselessly, via so-called "backdoor searches" with no connection to terrorism or anything else that would allow for the formal use of these tools, seemingly in violation of those supposed hardcore guardrails, at the behest of the FBI, CIA, and NSA. And this seemingly happens on a fairly regular basis—more than 200,000 warrantless, backdoor searches are performed each year.

All of which adds interesting context to a recent congressional vote to reauthorize Section 702 for another two years, right as it was about to expire.

This extension vote was laden with drama, in part because two major US internet companies said they would no longer comply if Section 702 wasn't renewed, as the government had had its request to keep collecting data for another year approved, but it no longer had legal backing to demand such data from companies, with the ability to coerce them to hand over digital communications data, like email and text records, if they denied more polite requests. So these companies said, well, you can collect whatever data you can get your hands on, but you can't get your hands on our data, anymore.

There was also political drama, though, in the shape of former US President, and current Presidential candidate Trump's loudly stated antagonism toward renewing this provision, something that aligned him with privacy oriented groups that he typically doesn't like or align with.

A vote that would have ended all warrantless searches on these sorts of communications failed to pass earlier in April, due to a tied 212 to 212 vote in the House, and another that would have accomplished a similar outcome and which was voted upon a few days later was defeated by just a handful of votes.

The conflict here is seemingly that while there are significant and persistent privacy issues with this and related programs, it's also considered to be a potentially useful tool in the US intelligence community's utility belt. And though most politicians would like to be seen as defending the privacy of American citizen from prying government eyes, few want to be seen as hobbling its defense infrastructure, even if the defense value of this and connected programs have been questioned and challenged, time and time again.

What eventually helped a Section 702 extension bill attain approval from Congress was a compromise that approved the extension of some components of it, that allowed it to take new communications technologies into account, arguably making it more useful for surveillance purposes while simultaneously increasing the privacy risks it poses, but pairing those add-ons with a shortened extension period, down from five years to two. Which means it's likely there will be another showdown over whether it should be extended in just a few years, at which point it can be killed or further edited, depending on how this new, slightly iterated version, is functioning at that point.

All of which is interesting and newly relevant in part because we're stepping into what some have called a new Cold War, with all sorts of real-deal military conflicts on the ground threatening to expand and encompass more of the planet, alongside rifts in the relationships between behemoths like the US and China, which could erupt into larger versions of the same, if these governments aren't careful.

At such moments, we tend to see more support for measures that give heightened power to governments and other defense-oriented entities, even at the expense of individual rights.

So rather than clipping the wings of this and similar programs in a few years when renewal is once more on the docket, it may be that Congress further empowers it—depending on how today's conflicts play out, and how the relationships between the US and its primary rivals evolve in the meantime.

Show Notes

https://www.washingtonpost.com/national-security/2024/04/19/fisa-702-surveillance-internet/

https://www.washingtonpost.com/national-security/2024/04/20/congress-extends-controversial-warrantless-surveillance-law-two-years/

https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act

https://www.dni.gov/files/CLPT/documents/2023_ASTR_for_CY2022.pdf#page=24

https://www.intelligence.gov/assets/documents/702%20Documents/declassified/2023/FISC_2023_FISA_702_Certifications_Opinion_April11_2023.pdf#page=89

https://www.dni.gov/files/icotr/Section702-Basics-Infographic.pdf

https://www.aclu.org/issues/national-security/warrantless-surveillance-under-section-702-fisa

https://www.brennancenter.org/our-work/research-reports/whats-next-reforming-section-702-foreign-intelligence-surveillance-act

https://www.brennancenter.org/our-work/research-reports/fisa-section-702-civil-rights-abuses

https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act

https://www.nytimes.com/2024/04/20/us/politics/senate-passes-surveillance-law-extension.html

https://en.wikipedia.org/wiki/President%27s_Surveillance_Program

https://en.wikipedia.org/wiki/Sensitive_compartmented_information

https://en.wikipedia.org/wiki/Stellar_Wind

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about diplomatic immunity, Trump’s court cases, and the Supreme Court.

We also discuss Nixon, Clinton, and the US Constitution.

Recommended Book: My upcoming book, How To Turn 39 (https://books2read.com/htt39), which is available for pre-order today :)

Transcript

There's a concept in international law—diplomatic immunity—that says, in essence, certain government officials should be immune from the laws of foreign countries, including those within which they're operating.

This is a very old concept, based on similar rights that were granted to envoys and messengers back in the oldest documented periods of human civilizations.

The idea is that if different cultures, whether organized into tribes or kingdoms or nation states, are going to be able to deal with each other, they need to maintain open and reliable means of communication. Thus, the folks tasked with carrying messages between leaders of these different groups would need to be fairly confident that they wouldn't be hassled or attacked or prosecuted by the people they were bringing those messages to, and whose messages they were bringing back to their own leaders.

Such representatives have at times been imprisoned or killed by their hosts, but this is relatively rare, because any governing body that treated ambassadors from other cultures in this way would have trouble dealing with anyone outside their current legal sway, and that would in turn mean less trade, less reliable peace, and less opportunity to generally cross-pollinate with cultures they might benefit from cross-pollinating with.

As a general rule, at least in the modern iteration of diplomatic immunity, folks operating under the auspices of this policy can still be punished for their misdeeds, it's just that they'll generally be declared persona non grata, expelled from the country where they did something wrong, rather than punished under that country's laws.

In some rare instances a country hosting a misbehaving or criminal ambassador or other diplomat might ask that person's home country to waive their immunity, basically saying, look, this person killed someone or got drunk and drove recklessly through our capitol city's downtown, we'd like to try them in our courts, and it may be that the government running that misbehaving person's home country says, okay, yeah, that's messed up, you go ahead; but usually—even if that person has done something truly reprehensible—they'll instead say, no, sorry, we'll pull them back and they won't be allowed to return to your country or serve as an ambassador anywhere else, because they've shown themselves to be unreliable, and we might even try them in a court here, in their home country, but we can't allow our people, no matter what they do, to fall under the legal jurisdiction of some other nation, because that would set a bad precedent, and it may make people wary of working for us in this capacity in the future—surely you understand.

There are tiers of diplomatic immunity, depending on the seniority of the diplomat or other representative in question, and the Congress of Vienna of the early 1800s charted out the basis for how these things work, in much detail, formalizing a lot of what was already in the ether back then, and creating an outline that was then further formalized in 1961's Vienna Convention on Diplomatic Relations, which has been almost universally ratified and respected, though of course there's been a lot of grey area in terms of what harassment of a representative, which is a no-no according to this convention, entails, and to what degree it can be proven, and thus punished, if violated.

We saw a lot of grey area utility during the height of the Cold War in particular, in part because many diplomats were moonlighting as spies, which is still true today, though it was even more overt and worrisome to their host countries, back then, so harassment, kidnappings, even assassinations of diplomats were more common then, than today, though they were still almost universally done covertly so that no one seemed to be violating these nearly universally accepted terms.

What I'd like to talk about today is another type of legal immunity—in this case, Presidential Immunity in the US—and why this type of immunity is at the center of former US President Trump's ongoing legal cases.

—

In the United States, many politicians and high-level appointees enjoy some of the immunity-related privileges in their own country that diplomats of various stripes have traditionally enjoyed elsewhere.

Most of these figures are only protected by this immunity under very specific circumstances, though, not universally.

Judges, while doing court-related, judge-work, for instance, have absolute civil immunity—so a judge who falls afoul of the law in the course of their duty as a judge, doing judge-things, will tend to get away with whatever it is they did wrong, though this won't generally apply to non-judge things they do during that same period

So a judge would have trouble arguing that they should get off with a warning for murdering someone because they happened to kill that person while they were on their lunch break, but they would likely be okay if they accidentally ruled in a way that exceeded their jurisdiction, even if their having done so caused all sorts of secondary problems.

Similarly, and also within the US court system, a prosecutor can't be sued for withholding evidence, even if their having done so leads to a wrongful conviction, which would be a bad thing that happened as a result of their actions, but because they acted while performing their protected duty, they'll almost certainly be okay from a legal standpoint, even if not always a moral one.

These are not rules novel to the US system of governance; most of them were borrowed from earlier forms of the same, and a lot of the US's version of these immunity rules are derived from those that exist within the British parliamentary system, where parliamentarians can't be prosecuted for things they say while in Parliament, and the same is true for politicians while engaged in their work on the floor of the US House of Senate.

Interestingly though, while the US Constitution provides that kind of legislative immunity to Congresspeople, it doesn't grant the same, or anything similar, to the President; and this was apparently a hotly debated topic back in the Constitution-writing days, as those who set up the rules of the land were aware that it might be beneficial to allow folks at the top some legal leeway, so they don't make executive decisions based on whether or not they might be sued or otherwise punished for those decisions, but at the same time they really didn't want another king, or similarly authoritarian ruler to step into office and then get away with murder—perhaps literally.

So the constitution doesn't give the President of the United States the same immunity as other members of government, but a slew of cases in the 19th and 20th centuries found, in general, that if the president or members of the president's cabinet take actions that are "more or less" within the scope of their duties, they should be granted absolute immunity, protecting them from lawsuits and legal punishments.

A court case against President Nixon in the 1970s made that previously somewhat vague and general legal trend more formal, at first triggering a bunch of lawsuits against him and his people, but then a 1982 Supreme Court decisions said, in essence, that former or current presidents are immune from lawsuits related to anything that falls within the "outer perimeter" of their duties, due to the president's "unique status under the Constitution."

This legal precedent was tested in the mid-1990s when then-President Bill Clinton was sued for sexual harassment during his governor of Arkansas days, and a lower court, then the Supreme Court, both affirmed that presidential immunity doesn't protect the president from things they did before taking that highest government office.

As a result of all that, today we have a legal context in which the President is kind of granted some immunity for some things they do while in office, but the delineation between protected and not-protected is fuzzy, and there's a whole lot of theory on this matter, but less in the way of actual court precedent that establishes confident footing for anyone stepping into this corner of the legal world.

All of which is newly relevant in 2024 because former President Trump is currently being prosecuted for all sorts of things in several different jurisdictions. And part of his legal strategy is based on a sort of Hail Mary play that's made its way to the Supreme Court, and which is premised on the concept of Presidential Immunity.

But before we get to that case, let's talk real quick about the other cases that are currently in progress, all of which that bigger Supreme Court case may influence, depending on how it turns out.

Beginning this week, as of the day this episode goes live, the week of April 15, 2024, Trump is scheduled to be in court four days a week for the next six to eight weeks, facing 34 criminal charges related to falsifying business records in order to get payoff money to Stormy Daniels, allegedly to cover up an affair they had, which he didn't want becoming public while he was running for his first term in office.

Tentatively beginning in late-May of 2024, Trump will face 40 criminal charges in Florida for allegedly mishandling sensitive documents, and his alleged conspiracy to keep those documents even after the government demanded them back.

A federal case in which Trump faces four criminal charges related to his alleged effort to overturn the 2020 presidential election results was originally meant to begin the first half of this year, but it's looking increasingly likely it won't occur until after the November presidential election, as the judge overseeing the case has postponed it until after the Supreme Court makes their decision about presidential immunity, though there's a chance it could start as early as August, despite that delay.

And Trump faces 10 criminal charges for the same general collection of alleged efforts to overturn the 2020 election in Georgia, alongside 18 alleged co-conspirators; that trial has a proposed start date of August 5, but that would be tricky, as it would mean the trial could run through Election Day, which would be awkward and would likely complicate things further.

Trump has also dealt with a flurry of recent civil, so non-criminal, no jail time possible, just fines, lawsuits, including one related to sexual assault and his defamation of the person he sexually assaulted, which led to a big payout recently, and another in New York related to his misrepresentation of the value of his real estate holdings in the state, which led to an even bigger fine, but which is currently being appealed.

There's another federal civil case that's ongoing, Thompson v. Trump, which is related to the attack on the US Capitol by Trump's fans on January 6, 2021, and that's especially relevant here because, already, the judge in that case, ruled that Trump's presidential immunity does not shield him from this lawsuit, and an appeals judge ruled the same.

There's now a Supreme Court case, which I mentioned earlier, that consolidates three separate civil lawsuits into one, Trump v. United States, and this case asks, in essence, whether Trump should be protected from these lawsuits by presidential immunity; that same immunity that was upheld in many cases in recent memory, though in different contexts.

The reason this Supreme Court case is so fundamental here is that it could impact many or all of those other cases, plus others that might arise related to Trump's actions in the future, as it would give him a sort of legal whammy on just about anything he could argue was done within the perview of his role as President.

Thus, he could argue he wasn't trying to overturn the 2020 election that he lost, he was looking into what he considered to be legitimate election irregularities as part of his duty as President. And if some other things happened as a result of that effort, like his supporters breaking into the Capitol building, he should be protected from that under the auspices of this immunity.

Those two DC court judges that earlier ruled Trump wasn't protected by presidential immunity said that it's in the public interest to hold presidents accountable for their actions, because not doing so would leave anyone who holds that office "unbounded authority to commit crimes."

They determined that it was worth the possibility that a president might make some executive decisions from a perspective of worrying about later lawsuits if it would prevent the creation of a political office from which someone could legally get away with any crime they chose to commit, including but not limited to, theoretically at least, assassinating their political rivals.

The big question now is how the Supreme Court will decide on this matter; some people are predicting that the heavily slanted toward conservative justices court will be more likely to find in Trump's favor, though they've defied those expectations several times in recent years, in some cases seeming to take advantage of their current 5 or 6, depending on how you measure, versus 3, conservative to liberal composition in order to get a bunch of Republican priorities accomplished, like overturning Roe v. Wade, which protected the right to an abortion at the federal level, but in other cases they've made what seem to be more objective rulings, defying assumptions made based on those ideological leanings—so there's no way to know one way or the other on this, right now. We'll likely find out, though, sometime in May or June, as the court will begin considering these claims on April 25 of this year, and it's expected they'll have their ruling sometime in those subsequent two months.

Until then, though, some of these other cases are a bit up in the air, as the granting of enhanced immunity could make Trump's current and potential future cases a slam-dunk for his defense team, while a ruling in favor of the contemporary, fuzzy standard, or one that weakens that standard, at least for his specific context, would deny him that potentiality.

That said, Trump's defense team seems to have also been making use of the abundant delay tactics that are available within the US justice system, and there's a chance that if he delays long enough and then wins another term as president in November, that would allow him, when he steps back into office early next year, to either pardon himself or order someone in his government to get rid of the charges against him.

Which is part of why the prosecutors working opposite him have been politely but firmly asking the judges in charge of these cases to pick up the pace, because there's a looming possibility that even if the courts decide against Trump in some key cases, he could still get off Scott free, because of that other apparent loophole in the system that would allow a sitting President to get away with just about anything, though in this case because of a different, in practice immunity-granting mechanism.

Show Notes

https://www.washingtonpost.com/news/opinions/wp/2014/01/30/7th-circuit-pokes-a-hole-in-prosecutorial-immunity/

https://en.wikipedia.org/wiki/Trial_of_Donald_Trump

https://en.wikipedia.org/wiki/Indictments_against_Donald_Trump

https://www.nytimes.com/interactive/2023/us/trump-investigations-charges-indictments.html

https://www.nytimes.com/article/trump-investigations-civil-criminal.html

https://www.pbs.org/newshour/politics/trumps-2024-trials-where-they-stand-and-what-to-expect

https://www.washingtonpost.com/politics/interactive/2023/trump-investigations-indictments/

https://www.bbc.com/news/world-us-canada-68577638

https://www.bbc.com/news/world-us-canada-61084161

https://www.theatlantic.com/ideas/archive/2024/03/donald-trump-legal-cases-charges/675531/

https://archive.ph/JFsIB

https://en.wikipedia.org/wiki/Indictments_against_Donald_Trump

https://apnews.com/article/trump-jury-selection-hush-money-trial-manhattan-56d540406cd174ab143fe12469e9adef

https://apnews.com/article/donald-trump-michael-cohen-stormy-daniels-e40532d3bce7768e296fdaf9591ef05b

https://www.wsj.com/us-news/law/trump-criminal-hush-money-trial-begins-2a1bdd15

https://www.reuters.com/world/us/fallout-trumps-bid-overturn-election-loss-heads-supreme-court-2024-04-14/

https://www.reuters.com/legal/special-counsel-urges-us-supreme-court-reject-trump-immunity-bid-2024-04-09/

https://en.wikipedia.org/wiki/Trump_v._United_States_(2024)

https://en.wikipedia.org/wiki/Presidential_immunity_in_the_United_States

https://en.wikipedia.org/wiki/Absolute_immunity

https://en.wikipedia.org/wiki/Parliamentary_immunity

https://en.wikipedia.org/wiki/Diplomatic_immunity

https://www.britannica.com/topic/diplomatic-immunity

https://en.wikipedia.org/wiki/Vienna_Convention_on_Diplomatic_Relations

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about Linux, backdoors, and the Open Source community.

We also discuss CPU usage, state-backed hackers, and SSH.

Recommended Book: The Underworld by Susan Casey

Transcript

In the world of computers, a "backdoor" is a means of accessing a device or piece of software via an alternative entry point that allows one to bypass typical security measures and often, though not always, to do so in a subtle, undetected and maybe even undetectable manner.

While backdoors can be built into hardware and software systems by the companies that make those devices and apps and bits of internet architecture, and while some governments and agencies, including the Chinese government, and allegedly folks at the NSA, have at times installed backdoors in relevant hardware and software for surveillance purposes, backdoors are generally the domain of tech-oriented criminals of various stripes, most of whom make use of vulnerabilities that are baked into their targets in order to gain access, and then while inside the administration components of a system, they write some code or find some kind of management lever meant to give the company or other entity behind the target access for non-criminal, repair and security purposes, and that then allows them to continue to gain access in the future; like using a rock to prop open a door.

Concerns over a backdoor being installed in vital systems is fundamental to why the US and European governments have been so hesitant to allow Chinese-made 5G hardware into their wireless communication systems: there's a chance that, with the aid, or perhaps just at the prodding of the Chinese government, such hardware, or the software it utilizes, could contain a Trojan or other packet of code, hidden from view and hardcoded into the devices in some covert manner; these devices could also harbor even smaller devices, indistinguishable from hardware that's meat to be there, that would allow them to do the same via more tangible means.

Though there were almost certainly other economic and technology-dominance reasons for the clampdown on products made by Chinese tech company Huawei beginning in earnest in 2012, and escalating rapidly during the US Trump administration, that process was at least ostensibly tied to worries that a Chinese company, prone to spying and stealing foreign tech, already, might incorporate itself into fundamental global communication infrastructure.

It was underpricing everybody else, offering whizbang new high-end 5G technology at a discount, and supposedly, if the accusations are true, at least, doing so as part of a bigger plan to tap into all sorts of vital aspects of these systems, giving them unparalleled access to all communications, basically, but also giving them the ability, supposedly, to shut down those systems with the press of a button in the event that China wants or needs to do so at some point, if they ever decide to invade Taiwan, for instance, and want to distract the Western world until that invasion is complete, or just make rallying a defense a lot more difficult.

Other, confirmed and successfully deployed backdoors have been found in all sorts of products, ranging from counterfeit Cisco network products, like routers and modems, some of which were installed in military and government facilities back in 2008 before they were recognized for what they were, to Microsoft software, Wordpress plugins, and a brand of terminals that manage the data sent along fiber-optic cables, mostly for high-speed internet purposes.

Again, in some cases, the entities making these products sometimes do install what are literally or essentially backdoors in their hardware and software because it allows them to, for instance, help their customers retrieve lost passwords, fix issues, install security updates, and so on.

But backdoors of any shape or size are considered to be major security vulnerabilities, as stealing a password or getting access to a vital terminal could then grant someone with bad intentions access to absolutely everything, giving them god-like control over all aspects of a customer's information and operations, or maybe all of the company's customer's information and operations, and that creates a single point of failure that most companies want to avoid, because at a certain point there's no real way to prevent a truly determined and well-funded foe if they know the payout for investing in accessing that terminal or getting that password would be that substantial.

What I'd like to talk about today is a long-term effort to do exactly that, the target, in this case, being small, but the potential payoff of backdooring it being pretty much as big as you can imagine.

—

XZ Utils is the name of an Open Source data compression utility, which means that it squishes data in such a way that no information is lost, but so that big files and other packets of information become smaller, and that makes it faster and easier and cheaper to send that data from place to place.

XZ is popular in part because it's effective, in many cases outperforming other free alternatives, like gzip and bzip2, but it also supports an older compression model called LZMA, and it exists in the public domain, which means it's incredibly inexpensive to use, free, for most purposes.

It's especially popular in Linux and other Unix-like systems, and in practice that means it's used across these systems so that when data is moved from place to place, it's compressed and decompressed, putting less pressure on the systems themselves, almost like reducing the weight of everything you have to carry throughout the day, without any reduction in quality or the nature of those books and bags and laptops and other things you're hauling around all the time; even small reductions in that weight could make a big difference in the strain on your body, over time, and this utility accomplishes the same for the systems that incorporate it.

So this software utility is super useful, is free to anyone who wants to use it, and it's better than a lot of other options, and it's thus been baked into a bunch of fundamental computer infrastructure, like most Unix-like systems. And that's important for a lot of reasons, but the most immediately concerning issue is that the vast majority of servers that run the tech world—basically all the major tech companies, and all the companies they work with—manage their services with Linux.

XZ isn't just important for folks who have laptops running on Linux, then, it's also vital to the functionality of huge chunks of the internet; stats from the past few years show that about 96.3% of the top million web sites run on Linux servers, and a substantial amount of non-web-serving servers do, as well.

All of which sets the stage for the hubbub that arose on March 29, 2024, when a Microsoft employee named Andres Freund announced that, after looking into a decrease in performance in a version of Linux called Debian—a distinction between how fast it should have been going and how fast it was going of about 500 milliseconds, and that minor slowdown bugged him enough to look into what newer, experimental versions of XZ Utils were doing to the Debian operating system he was working with—after looking into that issue, he announced that he had discovered a backdoor in XZ that was causing errors in a memory debugging tool built into the software, and using more CPU power than Debian otherwise would have used.

So he announced this discovery, reported it to an open source security mailing list, to make it known amongst the right people, and that alerted the folks who were experimentally incorporating this new build of XZ into their software.

As it turns out, this backdoor, had it been implemented in all this software and spread across the servers that manage the web, would have granted whomever had access to it the ability to alter the behavior of the local instance of the Secure Shell Protocol, or SSH, which is what protects servers while they operate on open networks like the internet.

The degree to which this would have damaged the web, as it exists today, cannot be overstated. This problem was given a Common Vulnerability Scoring System ranking, which rates the alarmingness of software issues based on how much damage they could potentially cause, which helps computer security professionals figure out which problems to address first, a score of 10, which is the highest possible score.

In theory, this would have granted the person or other entity with backdoor access the ability to get into essentially any server touching the internet with full administrator privileges, making all that information transparent to them, providing them all information about users, passwords, banking information, everything everyone has ever posted to social media, private communications, research and technology secrets—it's really just boggling thinking about how much damage could have been caused by the right person or people, as such a backdoor would basically do away with most of the security measures they might encounter while attempting to infiltrate and even take over pretty much anyone.

Because it was discovered by Freund, though, and because he got word out to the right people as quickly as he did, the cybersecurity world was able to pivot pretty quickly, advising everyone who had implemented these test versions to roll back to earlier versions of the relevant software, and the folks behind XZ quickly released updated versions of the utility that removed the backdoor problem.

This also triggered a response in the wider software world as many developers have started to reduce the damage future, similar backdoors would be able to cause by reducing the connections and dependencies it took advantage of to function.

So this was a big enough deal that even something as arcane as compression utilities and SSH became front-page news around the world, but arguably one of the most interesting aspects of this story is what we know about the person or people who seem to have installed this backdoor.

Someone, or group of someones, going by the name Jia Tan, alongside an array of sock puppet accounts—fake accounts with different names that they also managed—started to contribute to the maintenance and development of this project, which is common in the open source world; that's part of what makes open source software and systems so powerful and desirable, despite often not having much in the way of funding or official support from big-name companies; they're often passion projects maintained by maybe just one or a few or a handful of dedicated developers.

In 2021, this entity that became known as Jia Tan started contributing to open source projects, and then contributed a patch to XZ via its mailing list.

Around that same time, several people who hadn't been seen in this project's community, previously, started to complain that it wasn't being updated fast enough, and arguing that another maintainer should be brought on board, to help it move along faster.

This Jia Tan character then started making a lot more contributions to the project, all of them seemingly innocuous and helpful, though in retrospect at least one of them changed a function that would have detected the more malicious changes they ultimately submitted, later.

In February of 2024, Tan submitted changes for the new version of XZ Utils that incorporated a backdoor, and groups of people in this larger open source community, possibly sock puppet accounts, started telling the developers who run Debian, Ubuntu, and Red Hat, all popular versions of Linux, they should incorporate this new version with those backdoor-incorporating changes into their operating systems.

There are strong suspicions, but little evidence, at this point at least, that Jia Tan and those other sock puppet accounts were run by a well-funded and skilled, probably government-backed hacking group, like one of the entities that often work as proxies for Russia's SVR—their intelligence agency that tends to support local hacking groups to do this sort of dirty work; though again, we can't say that with any certainty, as a lot of government-backed hacking groups could pull off something like this, with enough patience, years worth of patience, and it's still possible that this was a single hacker seeing a soft-target and the potential for a huge payoff if it all worked out.

That said, because of the approach this threat actor, whomever they actually are, took to target this utility, and because of how close they got to doing what they intended to do, which would have been devastating, probably even world-changing in some ways, the relationship that big tech and governance has with the open source world is being reassessed, because often the folks running these projects are just individual people doing all this important work in their free time. But because of how the tech world has evolved, huge swathes of the internet and other vital infrastructure are reliant on these single-person, passion-projects that are potential targets for cooption or, as seems to have been the case here, using what's called social engineering to manipulate the folks behind these projects, which can then gives more access to all the stuff they manage, and thus, the things that rely on the stuff they manage, to entities that want to cause harm.

Again, and this cannot be emphasized enough, we just barely dodged a bullet here, and the only thing that prevented a huge amount of potential destruction was the effort of another single person who was, almost on a whim, hacking away on a little problem they wanted to look into, and who thus stumbled upon this issue right before it reached a scale that would have been truly problematic.

And all of these issues were arguably the result of someone who found themself in the position of maintaining, more or less solo, a utility that became vital to global cybersecurity, and which thus made them the target of a sophisticated social engineering campaign.

Show Notes

https://en.wikipedia.org/wiki/Backdoor_(computing)

https://en.wikipedia.org/wiki/Hardware_backdoor

https://en.wikipedia.org/wiki/Social_engineering_(security)

https://www.zdnet.com/article/linux-has-over-3-of-the-desktop-market-its-more-complicated-than-that/

https://arstechnica.com/security/2024/04/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world/

https://research.swtch.com/xz-timeline

https://research.swtch.com/xz-script

https://news.ycombinator.com/item?id=39895344

https://www.runtime.news/sabotage-in-the-software-supply-chain/

https://news.ycombinator.com/item?id=39903685

https://www.theverge.com/2024/4/2/24119342/xz-utils-linux-backdoor-attempt

https://www.wired.com/story/jia-tan-xz-backdoor/

https://www.404media.co/xz-backdoor-bullying-in-open-source-software-is-a-massive-security-vulnerability/

https://www.nytimes.com/2024/04/03/technology/prevent-cyberattack-linux.html

https://www.economist.com/science-and-technology/2024/04/02/a-stealth-attack-came-close-to-compromising-the-worlds-computers

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about cacao, plantations, and bean-to-bar chocolate.

We also discuss black pod disease, swollen shoot virus, and seed pod currency.

Recommended Book: The City & The City by China Miéville

Transcript

The cocoa bean, also called "cacao," is a seed derived from the cocoa tree, which is native to the Amazon Rainforest in South America.

More than 5,000 years ago, near present day Ecuador, the Mayo-Chinchipe culture domesticated and cultivated this tree, which then found its way north into Mesoamerica—so parts of Central America, and modern day Mexico—and that's where we actually thought it came from until a handful of years ago, when new research pushed the initial domestication date back by about 1,500 years, tracking its path down into Ecuador by identifying cocoa residue on pottery from that time period down in that region.

But way back then, it's thought that the pulp of this seed was used primarily to create an alcoholic beverage that was fermented to about the same alcohol percentage as a consumer-grade, modern day beer—just over 5%—and because of that utility in making this popular beverage, it was used as a currency in some parts of South and Central America.

It's worth noting, too, that this tree and its seed would have originally been called kakawa, which was then turned into an Aztec derivative word much later, cacauatl, which then became cacao, when the Spanish colonized the region, and cacao then became cocoa when introduced to English-speaking parts of the world—and that variation of the word took over in the age of post-WWII globalization, due in large part to the popularization of chocolate products from English-speaking countries like the US and the UK, cacao only recently being reintroduced on that scale to differentiate more expensive cocoa products from those that have become mainstream.

Also worth noting is that in addition to being used to produce a popular alcoholic beverage way back in the day, the cocoa bean was also turned into a kind of frothy spiced drink by Aztec royalty and other higher-ups in this part of the world, and that drink was enjoyed by high-born members of society for several thousand years, the beverage used in all sorts of rituals.

And to make it, cocoa was whipped together with vanilla and other spices and sweeteners to produce something akin to a sort of hot chocolate the modern person would recognize, though leaning a lot more into those spices than most modern chocolates, rather than sugars and fats.

This wasn't a widely available thing in most areas, and it probably wasn't the main end-product for most cocoa beans for most of history, as that alcoholic drink and its many derivatives were a lot more broadly available and widely disseminated.

That said, different groups, across this region and across time, including the Maya and the Olmecs, had their own variations of this hot cocoa-like drink, and there's even an Aztec story that Quetzalcoatl was outcast by the other gods in their pantheon for sharing chocolate with humans, and some regional experts have speculated that the ritual of extracting the hearts from human sacrifices in the Aztec empire might be connected to the process of extracting the cocoa pulp from the cocoa bean seed pod when producing this beverage; though that's pretty speculative.

The Aztecs came later than a lot of the other cultures in this region that partook in chocolate-related rituals and made cocoa-related goods, so that's likely part of why their rituals surrounding this drink were more elaborate than those of their neighbors, contemporary and forebear, but it's likely that the nature of the bean itself, which only grows in a finite region, about 20 degrees north and south of the equator, also had something to do with it.

Because of that limited range, the Aztecs couldn't grow cocoa in their territory, and that meant it was always a luxury import for them, which meant—like many luxuries, even today—only the richest members of society could afford it, and that helped them differentiate themselves from the chocolate-less plebeians.

This changed somewhat following the arrival of the Europeans in the Americas, when the Spaniards, who were maybe originally introduced to the drink by Montezuma or one of his underlings, brought the drink back home with them, eventually creating a new market for producers, though Europeans were not initially a fan of it, and mostly seemed to indulge because it seemed exotic, but early on they realized that because this bean already served as a unit of currency in many of the areas they were exploring and exploiting, it allowed them to deal with locals in a familiar way: this many cocoa beans for one thing, this many for another—it made negotiations and payment a lot cleaner and clearer, and cocoa beans could be easily transported for trade while also being useful, in a pinch, as a stable source of food while in transit, which compared favorably to other food goods they were bringing back home from their explorations and invasions, like bananas.

What I'd like to talk about today is the modern chocolate market, and a dramatic price increase in cocoa beans that's raising eyebrows and concerns around the world.

—

The modern chocolate market has expanded in the years since Montezuma and the Spanish conquistadors to cover the whole of the globe, with products based on the cocoa bean on shelves in every country—even shut-ins like North Korea.

In 2022, the global chocolate industry was worth something like $116 billion, which is more than double the $50 billion or so it was worth in 2009, and analysts expect this market's compound annual growth rate, which tallies the increase in the industry's return on investment each year, to remain steady at around 3.4%, which is solid, and predicated on the increase in the dark chocolate market, especially amongst health-conscious consumers, and the burgeoning plant-based and vegan chocolate markets, which further reinforce the perception of some chocolate as being a luxurious and healthful indulgence.

Such luxury upbranding is key to those CAGR assumptions, as positioning some of these products as more expensive, but better versions of what's long been available allows chocolate companies to sell relatively less product for relatively higher prices, and that means expanding their customer base while also increasing their profit-margins.

All of which would be vital for this sort of industry even during normal times, but it's even more important when things are going sideways with an industry's access to raw materials, which seems to be what's happening in the world of chocolate.

In the 20th century, especially the late-20th century, the brands that were selling the most chocolate to the most people, globally, started gobbling up their competition. This period of acquisition and consolidation left us with about a dozen big chocolate manufacturers, globally, including names you've almost certainly heard of, like Cadbury, which is the biggest such company in the world, but also Hershey, Mars, Neuhaus, Ferrero, and Milka.

Some of these companies, like Nestlé, are what's called bean-to-bar chocolate manufacturers, but most of the titans in this space melt chocolate from other manufacturers into their end-products, only using the bean-to-bar model for a few high-end offerings.

But there are a slew of bean-to-bar companies still in operation, today, they just tend to be a lot smaller, because this model requires that they process their own cocoa beans in-house, rather than outsourcing, which tends to be required to achieve the scale that companies like Hershey and Mars have reached; it's a lot more time-intensive and expensive to do it this way.

That said, the expansion of the chocolate market into a multi-billion, then more than $100 billion global industry necessitated expanding the footprint of its base-level production beyond its traditional South and Central American origins.

Several other locations within that 20 degrees north and south of the equator spectrum have thus seen cocoa trees introduced, but the biggest producer of cocoa, today, is Côte d'Ivoire, the Ivory Coast, in Western Africa, where about 45% of the world's cocoa was cultivated, as of 2022, which amounted to around 2.2 million tonnes that year, alone.

Neighboring Ghana comes in second, producing about half as much as Ivory Coast, with about 1.1 million tonnes produced that same year, and Indonesia is a distant third, producing about 667,000 tonnes in 2022.

Combined with Ivory Coast's output, Ghana's cocoa bean industry, plus the smaller outputs of nearby Nigeria and Cameroon, account for about 70% of all the cocoa produced anywhere in the world.

Ecuador, where the cocoa tree was seemingly first domesticated, is now all the way down in fourth place, producing about 337,000 tonnes of the bean for export in 2022.

Because of the nature of how cocoa beans are harvested, and where, chocolate companies have huge sway over local politics and economics, and the folks doing the harvesting have historically not been treated terribly well, and in some cases their ranks have been filled with children.

In some such areas, people are trafficked or enslaved and put to work harvesting cocoa beans, and even those who are there of their own behest are paid very little by international standards, not even a living wage (based on the cost of things like shelter and food in their regions), their incomes artificially capped by an agreement with the cocoa bean-buying industry, and though Fair Trade certification has become more common for many chocolate companies, demonstrating their commitment to paying better wages, and in turn allowing the folks producing the raw materials for their chocolates to actually be able to afford to buy chocolate products, which is not the case for those working in non-Fair Trade conditions, that's still not the norm, and in some areas the conditions faced by workers are pretty bleak, many of them children under the age of 15, many of them forced to work for various reasons, and all of them making just enough money to survive, but nothing beyond that, and in some cases, barely that.

Most of these beans, the ones that end up in chocolate produced by those bigwig entities that dominate the global chocolate trade, are mixed together with beans from other locations on commodity markets, these companies buying them by the metric ton, similar to other food commodities that are traded in this way, like soybeans, milk, and palm oil.

Distinct from most other commodities right now, though, is the increase in price cocoa beans are seeing on these markets.

In 2022, the average price for a metric tonne of cocoa beans was somewhere between $2,200 and $2,500.

That's of a kind with the typical pricing for the past decade or so, and though there was a massive spike in 1977, which was only about $5,700 per tonne in unconverted money, but that's about $28,000 per tonne if we account for inflation—so that was a pretty bad year for chocolate lovers and companies—but other than that and a few other aberrations through the decades, cocoa beans have been a pretty stable commodity, at least compared to other commodities that are thus traded.

In February of 2024, though, cocoa bean prices shot up from those $2,500-ish per tonne prices all the way to around $6,000 per tonne, and then in March cocoa futures hit a record (unconverted for inflation) price of about $10,000 per tonne, which is a staggering leap of something like 4 to 5 times the usual cost.

This price jump is being attributed to a confluence of variables, most of them contributing to a series of poor harvests in Ghana and the Ivory Coast, which again, together, account for most of the world's cocoa bean output.

The El Niño phenomenon that's been messing with the global water cycle and increasing average global temperatures since July of 2023 is partly the blame here, as are the creeping effects of climate change, which have, in practice, moved the ideal growing areas for all sorts of plants, because of a tweak to the average global temperature knobs that have nudged things higher in most parts of the world, while also making weather patterns more irregular, compared to what we've become used to.

Those climate nudges have also allowed diseases to spread faster and to new regions, including those that impact plants.

Extreme and unusual rainfall in Western Africa sparked outbreaks of black pod disease, which usually hits after wet season, and all that rain was followed by a period of extreme dryness and drought, which stoked the spread of swollen shoot virus, which reduces output by up to 25% in the first year of infection, up to 50% in the second, and which ultimately kills its hosts, the cocoa trees, and once it spreads to a plantation, the whole plantation, all the trees, usually have to be uprooted and burned, new trees planted in their stead, before things can get up and running again—all of which takes a lot of time and resources.

Cocoa manufacturers have been underinvesting in their plantations and smaller cocoa producers for years; so it's not just their workers that they're under-investing in, it's the infrastructure surrounding those workers, which is often decrepit and unsafe, and which has left them prone to these newly aggressive diseases and unusual climate happenings.

And a lot of the cocoa produced in these top-producing countries are run by small-holders, not by large-scale plantations. And because these small-holders are often almost as impoverished as the people working on the plantations, they don't have the money to invest in treating disease or uprooting and replacing all their trees, and that's led to a surge in illegal mining operations in cocoa growing areas, because illegal miners come in and say they'll pay the owners of the land where they want to dig a reliable, if still small income, and those landowners don't really have a choice—cocoa doesn't provide them enough money to do more than sustain themselves, so they take what they can get, and every time this happens, that's less prime cocoa-growing land that's being used to grow cocoa.

Because of all this, the mid-season crop coming out of Ivory Coast, the biggest producer in the world, is expected to be about a third lower than usual this year, and Ghana's production is expected to hit a 22-year low; hence, those dramatically hiked prices, which have been further inflamed by market maneuvers meant to protect investors from irregularities, but which have the practical effect of raising prices in the short-term, creating more volatility, not less.

This price-surge and negative overall outlook for the industry is causing a fair bit of concern for the global chocolate market, which has some stockpiled supply of beans, but which is struggling to account for this increase in overall cost, and is thus attempting to prepare their customers for price hikes and fresh instances of shrinkflation: which basically means selling the same product for the same price, but with less of the product in the package; so maybe a candy bar selling for the same price as before, but the bar is 2/3 its former size.

This has been a big discussion topic recently in part because of the recent Easter holiday, which is a big day for chocolate sales in many parts of the Western world in particular, so this situation is topical news, but also because it's representative of what's happening in other commodity and non-commodity markets, as well, as a result of many of the same factors.

The global supply of coffee beans has been shrinking since 2021, labor and other systemic issues contributing to that, but the climate also changing where coffee grows best, and thus making life hard on the folks who currently grow most of it, in what were previously the optimal regions for doing so, but which aren't any longer, and may no longer be capable of growing these beans at all in a few decades, the way things are going.

Olive oil is likewise seeing record-high prices in 2024, the price of extra virgin olive oil up 70% from a year previous, and 260% from two years ago, due to widespread drought across the Mediterranean, where most olives are grown, and because of a bacteria that's infecting olive trees more enthusiastically than ever before because of all that heat and drought.

The banana industry is also raising alarms, too, as the change in global temperatures and the water cycle are combining with a collection of increasingly aggressive diseases and infections that are impacting banana growing regions in Australia, Asia, Africa, and South America, necessitating a clean-sweep approach similar to those used to get a cocoa bean plantation ready to grow, again, post-infection, requiring a lot of additional investment and leading to a lot of waste and diminished expectations.

Most of these industries have enough of a backlog and stockpile to keep prices on shelves constant for a while after this sort of hit, but for all of these industries, prices are expected to go up, possibly permanently, because of this seeming new reality, and because of the nature of the entities operating in these spaces, and the systems they've deployed to keep their goods flowing to the entities that turn them into products that end up in stores around the world.

So while chocolate is the first to really hit the public consciousness in terms of the companies that own this space trying to prepare their customer base for what's about to happen by making it known that their core prices have grown shockingly high, it's likely we'll continue to see this sort of base-level inflationary impact on all sorts of goods in the coming years, unless something fundamental changes about the variables impacting supply, or the business model they use to sustain their industries.

Show Notes

https://finance.yahoo.com/news/chocolate-market-size-worth-usd-191300029.html

https://www.theguardian.com/environment/2024/mar/29/easter-eggs-chocolate-cacao-harvests-cocoa-prices-aoe

https://www.cnbc.com/2024/03/26/cocoa-prices-are-soaring-to-record-levels-what-it-means-for-consumers.html

https://archive.ph/YnZH7

https://apnews.com/article/easter-chocolate-africa-farmers-cocoa-ghana-4a4d58a4e6076c8d46258c1b4dc414c4

https://archive.ph/SbWVF

https://archive.ph/wPhkk

https://www.visualcapitalist.com/worlds-top-cocoa-producing-countries/

https://www.statista.com/statistics/263855/cocoa-bean-production-worldwide-by-region/

https://www.confectioneryproduction.com/news/47651/cocoa-sector-reaches-crisis-point-as-crop-prices-hit-10000-a-tonne/

https://ycharts.com/indicators/cocoa_bean_price

https://www.aljazeera.com/gallery/2024/3/30/chocolate-prices-to-keep-rising-as-west-africas-cocoa-crisis-deepens

https://investorplace.com/2024/03/olive-oil-coffee-and-cocoa-prices-oh-my-3-grocery-store-items-to-watch/

https://www.bbc.com/news/science-environment-68534309

https://www.ucl.ac.uk/news/2024/mar/analysis-cocoa-beans-short-supply-what-means-farmers-businesses-chocolate-lovers

https://www.france24.com/en/live-news/20231220-illegal-mining-smuggling-threaten-ghana-s-cocoa-industry

https://www.sciencedirect.com/science/article/pii/S0022316622143798?via%3Dihub

https://www.sciencedaily.com/releases/2018/10/181029130945.htm

https://en.wikipedia.org/wiki/Chocolate

https://en.wikipedia.org/wiki/Cocoa_bean

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about the Rwandan genocide, the First and Second Congo Wars, and M23.

We also discuss civil wars, proxy conflicts, and resource curses.

Recommended Book: Everyday Utopia by Kristen R. Ghodsee

Transcript

The Democratic Republic of the Congo, or DRC, was previously known as Zaïre, a name derived from a Portuguese mistranscription of the regional word for "river."

It wore that monicker from 1971 until 1997, and this region had a rich history of redesignations before that, having been owned by various local kingdoms, then having been colonized by Europeans, sold to the King of Belgium in 1885, who owned it personally, not as a part of Belgium, which was unusual, until 1908, renaming it for that period the Congo Free State, which was kind of a branding exercise to convince all the Europeans who held territory thereabouts that he was doing philanthropic work, though while he did go to war with local and Arab slavers in the region, he also caused an estimated millions of deaths due to all that conflict, due to starvation and disease and punishments levied against people who failed to produce sufficient volumes of rubber from plantations he built in the region.

So all that effort and rebranding also almost bankrupted him, the King of Belgium, because of the difficulties operating in this area, even when you step into it with vast wealth, overwhelming technological and military advantages, and the full backing of a powerful, if distant, nation.

After the King's deadly little adventure, the region he held was ceded to the nation of Belgium as a colony, which renamed it the Belgium Congo, and it eventually gained independence from Belgium, alongside many other European colonies around the world, post-WWII, in mid-1960.

Almost immediately there was conflict, a bunch of secessionist movements turning into civil wars, and those civil wars were amplified by the meddling of the United States and the Soviet Union, which supported different sides, funding and arming them as they tended to do in proxy conflicts around the world during this portion of the Cold War.

This period, which lasted for about 5 years after independence, became known as the Congo Crisis, because government leaders kept being assassinated, different groups kept rising up, being armed, killing off other groups, and then settling in to keep the government from unifying or operating with any sense of security or normalcy.

Eventually a man named Mobutu Sese Seko, usually just called Mobutu, launched a real deal coup that succeeded, and he imposed a hardcore military dictatorship on the country—his second coup, actually, but the previous one didn't grant him power, so he tried again a few years later, in 1965, and that one worked—and though he claimed, as many coup-launching military dictators do, that he would stabilize things over the next five years, restoring democracy to the country in the process, that never happened, though claiming he would did earn him the support of the US and other Western governments for the duration, even as he wiped out any government structure that could oppose him, including the position of Prime Minister in 1966, and the institution of Parliament in 1967.

In 1971, as I mentioned, he renamed the country Zaïre, nationalized all remaining foreign owned assets in the country, and it took another war, which is now called the First Congo War, to finally unseat him. 

And this conflict, which began in late-1996, spilled over into neighboring countries, including Sudan and Uganda, and a slew of other nations were involved, including but not limited to Chad, the Central African Republic, Rwanda, Burundi, Angola, Eritrea, South Africa, Zambia, Zimbabwe, Ethiopia, and Tanzania, alongside foreign assistance granted to various sides by France, China, Israel, and covertly, the United States.

The conflict kicked off when Rwanda invaded Zaïre, more neighboring states joined in, all of them intending to take out a bunch of rebel groups that the Mobutu government was no longer keeping in line: Mobutu himself having long since fallen ill, and thus lacking the control he once had, but still profiting mightily from outside influences that kept him as a friendly toehold in the region.

So these other nations sent military forces into Zaïre to handle these groups, which were causing untold troubles throughout the region, and the long and short of this conflict is that it only lasted a few months, from October 1996 to May 1997, but the destruction and carnage was vast, everyone on both sides partnering up to take out rebels, or in the case of those rebels, to join up against these government militaries, and all of them using the opportunity to also engage in violence against ethnic enemies with whom they had long-simmering beefs.

This led to the collapse of Mobutu's government, the country was renamed the Democratic Republic of the Congo when a new government was installed, but very little changed in terms of the reality of how that government functioned, so all the same variables were still in place a year later, in 1998, when what's now called the Second Congo War kicked off, informed by basically the same problems but bringing even more African governments into the fighting, many of them pulled into things by alliances they had with involved neighbors.

And just as before, a variety of groups who felt aggrieved by other groups throughout the region used this conflict as an excuse to slaughter and destroy people and towns they didn't like, including what's been called a genocide of a group of Pygmy people who lived in the area, around 70,000 of them killed in the waning days of the war.

In mid-2003, a peace agreement was signed, most of the warring factions that had fought in Congolese territory were convinced to leave, and it was estimated that up to 5.4 million people had died during the conflict.

What I'd like to talk about today is what's happening in the DRC, now, at a moment of heightening tensions throughout the region, and in the DRC in particular, amidst warnings from experts that another regional conflict might be brewing.

—

A transition government was set up in the DRC in 2003, following the official end of that Second Congo war, and this government, though somewhat weak and absolutely imperfect in many ways, did manage to get the country to the point, three years later, in 2006, that it could hold an actual multi-party election; the country's first ever, which is no small thing.

Unfortunately, a dispute related to the election results led to violence between supporters of the two primary candidates, so a second election was held—and that one ended relatively peacefully and a new president, Joseph Kabila, was sworn in.

Kabila was reelected in 2011, then in 2018 he said he wouldn't be running again, which helped bring about the country's first peaceful transition of power when the next president, from the opposing party, stepped into office.

During his tenure in office, though, Kabila's DRC was at near-constant war with rebel groups that semi-regularly managed to capture territory, and which were often supported by neighboring countries, alongside smaller groups, so-called Mai-Mai militias, that were established in mostly rural areas to protect residents from roaming gangs and other militias, and which sometimes decided to take other people's stuff or territory, even facing off with government forces from time to time.

Violence between ethnic groups has also continued to be a problem, including the use of sexual violence and wholesale attempted genocide, which has been difficult to stop because of the depth of some of the issues these groups have with each other, and in some cases the difficulty the government has just getting to the places where these conflicts are occurring, infrastructure in some parts of the country being not great, where it exists at all.

That 2018 election, where power was given away by one president to another, peacefully, for the first time, was notable in that regard, but it was also a milestone in it marked the beginning of widespread anti-election conspiracy theories, in that case the Catholic Church saying that the official results were bunk, and other irregularities, like a delay of the vote in areas experiencing Ebola outbreaks, those areas in many cases filled with opposition voters, added to suspicions.

The most recent election, at the tail-end of 2023, was even more awash with such concerns, the 2018 winner, President Tshisekedi, winning reelection with 73% of the vote, and a cadre of nine opposition candidates signing a declaration saying that the election was rigged and that they want another vote to be held.

All of which establishes the context for what's happening in the DRC, today, which is in some ways a continuation of what's been happening in this country pretty much since it became a country, but in other ways is an escalation and evolution of the same.

One of the big focal points here, though, is the role that neighboring Rwanda has played in a lot of what's gone down in the DRC, including the issues we're seeing in 2024.

Back in 1994, during what became known as the Rwandan genocide, militias from the ruling majority Hutu ethnic group decided to basically wipe out anyone from the minority Tutsi ethnic group.

Somewhere between a 500,000 and a million people are estimated to have been killed between April and July of that year, alone, and that conflict pushed a lot of Hutu refugees across the border into the eastern DRC, which at the time was still Zaïre.

About 2 million of these refugees settled in camps in the North and South Kivu provinces of the DRC, and some of them were the same extremists who committed that genocide in Rwanda in 1994, and they started doing what they do in the DRC, as well, setting up militias, in this case mostly in order to defend themselves against the new Tutsi-run government that had taken over in Rwanda, following the genocide.

This is what sparked that First Congo War, as the Tutsi-run Rwandan government, seeking justice and revenge against those who committed all those atrocities went on the hunt for any Hutu extremists they could find, and that meant invading a neighboring country in order to hit those refugee groups, and the militias within them, that had set up shop there.

The Second Congo War was sparked when relations between the Congolese and Rwandan governments deteriorated, the DRC government pushing Rwandan troops out of the eastern part of their country, and Kabila, the leader of the DRC at the time, asking everyone else to leave, all foreign troops that were helping with those Hutu militias.

Kabila then allowed the Hutus to reinforce their positions on the border with Rwanda, seemingly as a consequence of a burgeoning international consensus that the Rwandan government's actions following the genocide against the Tutsis had resulted in an overcompensatory counter-move against Hutus, many of whom were not involved in that genocide, and the Tutsis actions in this regard amounted to war crimes.

One of the outcomes of this conflict, that second war, was the emergence of a mostly Tutsi rebel group called the March 23 Movement, or M23, which eventually became a huge force in the region in the early 20-teens, amidst accusations that the Congolese government was backing them.

M23 became such an issue for the region that the UN Security Council actually sent troops into the area to work with the Congolese army to fend them off, after they made moves to start taking over chunks of the country, and evidence subsequently emerged that Rwanda was supporting the group and their effort to screw over the Congolese government, which certainly didn't help the two countries' relationship.

Alongside M23, ADF, and CODECO, a slew of more than 100 other armed, rebel groups still plague portions of the DRC, and part of the issue here is that Rwanda and other neighboring countries that don't like the DRC want to hurt them to whatever degree they're able, but another aspect of this seemingly perpetual tumult is the DRC's staggering natural resource wealth.

Based on some estimates, the DRC has something like $24 trillion worth of natural resource deposits, including the world's largest cobalt and coltan reserves, two metals that are fundamental to the creation of things like batteries and other aspects of the modern economy, and perhaps especially the modern electrified economy.

So in some ways this is similar to having the world's largest oil deposits back in the early 20th century: it's great in a way, but it's also a resource curse in the sense that everyone wants to steal your land, and in the sense that setting up a functioning government that isn't a total kleptocracy, corrupt top to bottom, is difficult, because there's so much wealth just sitting there, and there's no real need to invest in a fully fleshed out, functioning economy—you can just take the money other countries offer you to exploit your people and resources, and pocket that.

And while that's not 100% what's happened in the DRC, it's not far off.

During the early 2000s and into the 20-teens, the DRC government sold essentially all its mining rights to China, which has put China in control of the lion's share of some of the world's most vital elements for modern technology.

The scramble to strike these deals, and subsequent efforts to defend and stabilize on one hand, or to attack and destabilize these mining operations, on the other, have also contributed to instability in the region, because local groups have been paid and armed to defend or attack, soldiers and mercenaries from all over the world have been moved into the area to do the same, and the logic of Cold War-era proxy conflicts has enveloped this part of Africa to such a degree that rival nations like Uganda are buying drones and artillery from China to strike targets within the DRC, even as China arms DRC-based rebel groups to back up official military forces that are protecting their mining operations.

It's a mess. And it's a mess because of all those historical conditions and beefs, because of conflicts in other, nearby countries and the machinations of internal and external leaders, and because of the amplification of all these things resulting from international players with interests in the DRC—including China, but also China's rivals, all of whom want what they have, and in some cases, don't want China to have what they have.

In 2022, M23 resurfaced after laying low for years, and they took a huge chunk of North Kivu in 2023.

For moment that same year, it looked like Rwanda and the DRC might go to war with each other over mining interests they control in the DRC, but a pact negotiated by the US led to a reduction in the military buildup in the area, and a reduction in their messing with each other's political systems.

In December of 2023, though, the President of the DRC compared the President of Rwanda to Hitler and threatened to declare war against him, and UN troops, who have become incredibly unpopular in the region, in part because of various scandals and corruption within their ranks, began to withdraw—something that the US and UN have said could lead to a power vacuum in the area, sparking new conflicts in an already conflict-prone part of the country.

As of March 2024, soldiers from South Africa, Burundi, and Tanzania are fighting soldiers from Rwanda who are supporting M23 militants in the eastern portion of the DRC, these militants already having taken several towns.

Seven million Congolese citizens are internally displaced as a result of these conflicts, having had to flee their homes due to all the violence, most of them now living in camps or wandering from place to place, unable to settle down anywhere due to other violence, and a lack of sufficient resources to support them.

Rwanda, for its part, denies supporting M23, and it says the Congolese government is trying to expel Tutsis who live in the DRC.

Burundi, located just south of Rwanda, has closed its border with its neighbor, and has also accused Rwanda of supporting rebels within their borders with the intent of overthrowing the government.

Most western governments have voiced criticisms of Rwanda for deploying troops within its neighbors' borders, and for reportedly supporting these militant groups, but they continue to send the Rwandan government money—Rwanda gets about a third of its total budget from other governments, and the US is at the top of that list of donors, but the EU also sends millions to Rwanda each year, mostly to fund military actions aimed at taking out militants that make it hard to do business in the region.

So changes in political stances are contributing to this cycle of violence and instability, as are regular injections of outside resources like money and weapons and soldiers.

And as this swirl of forces continues to make the DRC borderline ungovernable, everyday people continue to be butchered and displaced, experiencing all sorts of violence, food shortages, and a lack of basic necessities like water, and this ongoing and burgeoning humanitarian nightmare could go on to inform and spark future conflicts in the region.

Show Notes

https://archive.ph/lk0mN

https://en.wikipedia.org/wiki/Joseph_Kabila

https://en.wikipedia.org/wiki/Rwandan_genocide

https://gsphub.eu/country-info/Democratic%20Republic%20of%20Congo

https://en.wikipedia.org/wiki/Economy_of_the_Democratic_Republic_of_the_Congo

https://www.reuters.com/world/africa/why-fighting-is-flaring-eastern-congo-threatening-regional-stability-2024-02-19/

https://archive.ph/lk0mN

https://www.aljazeera.com/news/2024/2/21/a-guide-to-the-decades-long-conflict-in-dr-congo

https://www.cfr.org/global-conflict-tracker/conflict/violence-democratic-republic-congo

https://en.wikipedia.org/wiki/March_23_Movement

https://en.wikipedia.org/wiki/Kivu_conflict

https://en.wikipedia.org/wiki/Congo_Free_State

https://en.wikipedia.org/wiki/Mobutu_Sese_Seko

https://en.wikipedia.org/wiki/Congo_Crisis

https://en.wikipedia.org/wiki/1965_Democratic_Republic_of_the_Congo_coup_d%27%C3%A9tat

https://en.wikipedia.org/wiki/First_Congo_War

https://en.wikipedia.org/wiki/Second_Congo_War

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about mergers, acquisitions, and the Shale Oil Revolution.

We also discuss liquid natural gas, energy diplomacy, and political hypocrisy.

Recommended Book: Eversion by Alastair Reynolds

Transcript

For the sixth year in a row, the United States is the largest oil producer in the world.

As of March 2024, it's producing an average of 12.93 million barrels of oil per day, according to the US Energy Information Administration, and it periodically pops above that average for stretches of time, like in December of last year when it managed to average just over 13.3 million barrels per day.

That's an absolutely astonishing volume of oil.

For context, while Saudi Arabia remains the holder of the world's most substantial spare oil capacity and was the largest oil exporter in 2023, they set aside plans to increase output to 12 million barrels a day back in January, which leaves them about a million barrels a day shy of the expansion target they set in 2020.

In 2023, the US produced about 28% more oil than Russia and about 33% more than Saudi Arabia, on average.

The US is becoming a huge player in oil exports, too, but it really shines if you look at not just crude oil, but also natural gas liquids and refined petroleum products. In aggregate, in 2023, the United States exported nearly the same volume of these products that both Saudi Arabia and Russia produced, not exported, which is pretty wild.

As is the fact that in December of 2023, the US exported about 400 billion more cubic feet of natural gas than it imported; and it imports a lot, and it only started exporting natural gas a few years ago, so that's the figure for an industry that didn't even exist until 2016, and didn't really grow until the 2020s.

The US hasn't always been this kind of force in the global oil market. It's long been a consumer of huge quantities of the stuff, but while it produced a decent amount until the late-90s, competing with Russia and trailing Saudi Arabia, though not by much, US production levels dropped substantially beginning in the early 90s, the US becoming a huge importer of fossil fuels, its production levels dipping down to something closer to those of Iran by the mid-2000s; when 9/11 happened in 2001, one of the big concerns was that the US's fundamental reliance on Middle Eastern oil would complicate its military options and hamstring its economy.

That all changed, though, with what became known as the Shale Revolution, when the widespread investment in and deployment of hydraulic fracturing, or "fracking" technologies, combined with developments that allowed for horizontal drilling, opened up huge swathes of new oil-rich territories in the US and Canada, making what were previously usable, but incredibly expensive to exploit fossil fuel resources less expensive and easier to tap, and southern US states in particular saw a wave of new and expanded drilling, leading to a surge in the US's production output, and ultimately allowing the US to become the top producer in the world beginning in 2018.

The degree to which this has changed things, geopolitically, cannot be overstated, in the US and globally.

Stateside, petroleum prices became less tethered to the whims and political motivations of mostly Middle Eastern nations and Russia, which, working together via the OPEC+ oil cartel, were long able to threaten and coerce the US government and its allies in various ways.

That remained the case for a while, even after this shale oil boom, as production and export figures weren't optimally aligned. But as this new reality has set in, the US government has been more strategic in how it has stockpiled fossil fuels resources and how it's been willing to use those stockpiles to manage price fluctuations, for itself and its allies, when warranted.

This has also been important for manufacturing, shipping, and other energy-hungry aspects of the US economy, and it has stoked booms in all sorts of consumer-facing industries, alongside the deployment of power-hungry infrastructure like new power plants and data centers.

Globally, this increased production has allowed the US to become a player in energy diplomacy, exporting fuel to allies that needed it because of disasters or foreign meddling, and recently, the US has taken this up a notch by bolstering Europe's energy supplies in the wake of Russia's invasion of Ukraine—an invasion that led to sanctions from the EU against Russia, those sanctions arriving more slowly than they might have otherwise arrived because of concerns that Russia's stranglehold on much of the bloc's energy resources might turn into a chokehold, hobbling their economies, military preparedness, and civilian support for the sanctions, because people would be paying extreme prices for ever-shrinking volumes of energy.

In the decades leading up to that invasion, many European nations, especially Germany, completely recalibrated their economies so they could profit from Russian fuel, so the fear that those fuel supplies would dry up if they made the wrong move, supported Ukraine too ardently, was a significant concern and shaped a lot of what happened in those early days of the invasion.

The US started exporting liquified natural gas to the bloc, though, which is gas that's turned into a liquid using incredibly low temperatures, which shrinks it so that it's easier and cheaper to ship. And these shipments arrived first in drips and drabs, because the infrastructure on the receiving end, to convert that chilly liquid gas back into room-temperature, full-volumed gas, needed to be installed, but once that infrastructure was in place, LNG began to arrive from the US in huge volumes, a whole new energy economy popping up essentially overnight, relative to how these things typically go, anyway. And that enabled more and sterner sanctions from the EU, of a kind that may not have been feasible, lacking that energy resource backstop.

What I'd like to talk about today is another, even more recent development within the US oil industry, and what it might mean for the future of this industry.

—

In 2023 alone, the businesses that make up the US energy sector spent about $250 billion scooping up clients, suppliers, and rivals.

A poll of energy executives in December of the same year suggested we could see another $50 billion or so invested in more acquisitions and mergers over the next two years, and in 2024, so far, as of mid-March, we've already seen APA buy Callon, Chesapeake buy Southwestern, Talos buy QuarterNorth, and Sunoco acquire NuStar; these deals all close at the tale-end of Q1 or in Q2 2024, and they were worth around $4.5, $7.4, $1.29, and $7.3 billion, respectively, so nearly $20.5 billion worth of big oil industry deals, already, and the year is just getting started, so that $50 billion figure is looking prescient.

The majority of next-step deals are expected to center around the Permian Basin, which is located in western Texas, with a little bit of overflow across the border into New Mexico.

This basin is the highest-producing oil field in the US, generating nearly 6 million barrels of oil and around 25 billion cubic feet of natural gas each day, as of early 2024, and this is a region of intense investment and growth; oil fields around the country are shutting down, and that increase in gas and oil production that we're seeing is mostly the consequence of more effective technologies and upgrades in the hardware and software being used by the industry.

So better exploration, better tools to get to the best pockets of resources, better capturing technologies and means of shuttling what they pump from place to place—it's a full stack of better tech and systems, and that is allowing the industry to consolidate its sprawl into fewer areas, many of them in the Permian Basin, and that's thought to be part of why we're seeing so much consolidation at the moment: more investment in fewer wells and fields in a smaller portion of the country is leading to more output, and that means the bigger companies with more R&D capacity and higher-end assets will tend to have a bigger advantage than their more dispersed, smaller rivals.

It's anticipated, though, that a collection of variables, including that consolidation, will actually slow the growth of the US's fossil fuel-based energy industry, at least for the next few years.

Less activity from fewer business entities and fewer investments that will lead directly to higher output is expected to nudge that 12.93 million barrels a day up by maybe 120,000 or 170,000 barrels per day, rather than the previously projected 1 million barrel a day increase.

That's the EIA projection, as least—some other analysts have higher expectations, in some cases double or quadruple that range, but the general consensus is that more of the oil wealth in this region being owned by larger entities that are aiming for consolidation, not growth in the sense of exploring and exploiting a bajillion new wells, will likely lead to a period of more tempered industry-wide growth, and probably a period in which these now-bigger companies will be focusing on getting all their ducks in a row, reducing redundancies and inefficiencies in their new, combined collection of assets, and possibly eyeballing other acquisition targets, as well—so that'll means more investment in efficiencies, less investment in upping those already sky-high production numbers.

All of this is happening within the context of efforts, globally, to reduce humanity's reliance on and use of fossil fuels. And that's led to some strange combinations of policies and political messaging, and no shortage of claims of hypocrisy from all sides of the conversation.

Case in point: even as US President Biden has celebrated US energy independence and the associated security enabled and supported by this expansion of fossil fuel production and processing, he has also flogged and signed all sorts of laws and regulations meant to reduce oil use and to increase the deployment of solar, wind, and other clean energy sources.

He's also pushed hard for government investment in clean energy and related infrastructure, including things like electric vehicles and upgrades for homes, and he's not alone in this: other wealthy nations in particular have been pushing hard to emphasize and enable this transition, as all the data indicates the faster we shift away from burning fossil fuels and engaging in other emitting activities, the less destructive the impacts of human-amplified climate change will be, and the less expensive it will ultimately be to adapt to those new realities, and to stop making them worse; to fully transition to a net-zero, and then eventually, a practically non-emittive future.

This seemingly bipolar stance can be disorienting, especially for those it directly impacts.

And consequently, rather than making everyone happy, as both sides of the climate change, renewables conversation are getting a fair bit of what they want due to these seemingly opposing investments, it's mostly just pissing everyone off, as environmentalists, climate change activists, and everyday people who are concerned about the impacts of the changing climate that they're seeing around them, more and more each year, are irritated that the segue to a non-emittive energy future isn't happening faster, while oil, gas, and coal companies are peeved that they're being elbowed out, despite having arguably gotten the country to where it is today, provide the US economy with a substantial chunk of its overall income and wealth, and in a very real way enable modern, everyday life—even for those people who want them and their products to disappear as quickly as possible.

That perception of hypocrisy is difficult to sidestep, then, because while, yes—there has been a lot of new, clean infrastructure deployed, many EV and similar companies have been invested in, and on the other side there have been all those big expansions of oil and gas infrastructure and an increase in the market for those sorts of products—these two narratives are also in diametric opposition to each other, at least in the long-term, and slow-walking a transition away from fossil fuels makes climate change worse, its impacts more devastating and longer-lasting, the worst stuff arriving faster, too, while the shift toward cleaner energy is stealing market share from those emittive energy companies, and this movement toward renewables puts a cap on fossil fuel companies' very existence, as well—some policies suggesting that they can't exist, or at least not exist at any real scale, doing the type of business they've always done, past a certain, government-mandated date.

And both of these perspectives are arguably true; so those victories both sides are accumulating are often lost in the sea of concomitant victories for the perceptually opposing side, which manifest as losses for the non-victorious side.

It's worth noting, too, that both sides actually have pretty good arguments, in isolation.

Lacking the dominant, fossil fuel-based energy sources of today, the US military wouldn't be able to operate; it simply wouldn't be able to function, which would have all sorts of knock-on effects, until and unless all of those vehicles and missiles and other bits of hardware could be replaced with cleaner versions of the same.

Lacking a full-scale replacement of every fuel-chugging car, bus, train, jet, and other piece of transportation infrastructure, the US economy would come to a halt, overnight, and that would wreak untold havoc in-country and around the world.

There's a chance that certain plastic goods would disappear, too, and a gobsmackingly large portion of all things created in the modern world are made of some kind of plastic, which is a petroleum product, and the well-being of that industry is in some ways correlated with the well-being of the rest of the industry's efforts.

That said, if we don't shift away from the use of these fuels and materials soon, we may lose the ability to counter some of the worst impacts of climate change, including many that are deadly, like overpowered and more regular storms and heatwaves, and others that will take out ecosystems and the creatures living in those ecosystems, permanently, changes to their conditions arriving so quickly they don't have a change to adapt.

Military conflicts and economy collapses may seem quaint compared to the cost and loss of lives and treasure associated with forthcoming, more common, climate change-triggered disasters and norm-shifts.

There's some indication that some Big Oil companies are making tweaks to how they do things in order to reduce the distance between their economic priorities and the priorities of folks who want them to stop pumping more fossil fuels from the ground.

Top mining officials from Saudi Arabia recently announced they're building out the systems and hardware necessary to extract the more than $2.5 trillion worth of metals they're so far located in their territory, for instance, and other state-run businesses have suggested they intend to do the same: leveraging their knowledge, tools, and expertise to mine and process some of the resources that'll be most necessary (and thus, valuable) for the transition to cleaner energy.

Some US-based Big Oil companies have made announcements about their own intentions in this regard, some saying they'll pull lithium from their oil wells, while others claim they're investing in rare earth mining infrastructure.

ExxonMobil recently announced that it would be returning to one of its old, long-closed oil wells in a small town in Arkansas to mine lithium there, which could be beneficial for their bottom line, but also for folks in that region who were left in the lurch when Exxon left to refocus on Texas in the 1990s.

A coal company operating in Wyoming, with the help of the US Department of Energy, recently discovered what could be one of the largest rare-earth metal deposits in the world, and the biggest in the US, on land that they originally bought for coal mining purposes.

These sorts of investments are not consequence-free, as mining of any kind tends to deplete local resources, especially water and energy, and can have serious and deleterious effects on people and ecosystems, too. But this does seem like one of the more likely avenues through which these companies' interests may slowly come to align with those of folks, businesses, and governments that are trying to segue the US and other economies to clean energy; and that's meaningful because otherwise these companies almost always represent the most significant, well-moneyed and lobbyist-employing roadblocks to legislation and investment that would speed up the deployment of renewables and associated infrastructure; so this type of pivot would conceivably give them reason to support, rather than hamstring those efforts.

That said, some of these announced efforts may end up being mostly PR plays, similar to how big oil companies have dangled the possibility of cleaning up their emissions using carbon drawdown technologies, for years, but few such investments have been made, and some of the deployed tools were eventually retired, as they didn't really do what they were supposed to do.

So there are potential avenues via which priorities might align more closely in the coming years, if the economics of such paths can be worked out and if the market validates them, but there's also a chance these opposing interests remain oppositional for the foreseeable future, even though both arguably scratch necessary itches, and both represent anchors and wings for politicians who support and rely upon them.

Show Notes

https://grist.org/energy/oil-companies-used-to-run-this-town-now-theyre-back-to-mine-for-lithium/

https://www.reuters.com/default/more-us-energy-deals-likely-2024-wave-consolidation-2024-01-24/

https://www.semafor.com/article/03/13/2024/inside-saudi-arabias-plan-to-take-over-the-mining-industry

https://www.reuters.com/markets/commodities/us-leads-global-oil-production-sixth-straight-year-eia-2024-03-11/

https://www.reuters.com/business/energy/saudi-aramco-says-it-will-cut-planned-maximum-capacity-12-mln-bpd-2024-01-30/

https://www.reuters.com/markets/commodities/record-us-oil-output-challenges-saudi-mastery-kemp-2023-12-04/

https://www.visualcapitalist.com/visualizing-the-rise-of-the-u-s-as-top-crude-oil-producer/

https://www.forbes.com/sites/gauravsharma/2023/12/19/as-2024-approaches-us-leads-global-crude-oil-production-roster/?sh=107f8c582706

https://www.reuters.com/markets/commodities/is-us-shale-oil-revolution-over-kemp-2022-11-22/

https://en.wikipedia.org/wiki/Shale_gas_in_the_United_States

https://www.nrdc.org/stories/fracking-101

https://www.eia.gov/dnav/ng/hist/n9133us2M.htm

https://www.eia.gov/energyexplained/natural-gas/liquefied-natural-gas.php

https://www.reuters.com/business/energy/us-was-top-lng-exporter-2023-hit-record-levels-2024-01-02/

https://www.eia.gov/todayinenergy/detail.php?id=61523

https://jpt.spe.org/the-trend-in-drilling-horizontal-wells-is-longer-faster-cheaper

https://edition.cnn.com/2023/03/28/energy/eu-us-oil-imports-overtake-russia/index.html

https://www.nytimes.com/interactive/2023/09/25/climate/fracking-oil-gas-wells-water.html

https://www.newscientist.com/article/2422110-methane-leaks-from-us-oil-and-gas-are-triple-government-estimates/

https://www.eia.gov/todayinenergy/detail.php?id=61523

https://en.wikipedia.org/wiki/Petroleum_in_the_United_States

https://www.marketplace.org/2024/02/12/diamondback-and-endeavor-merger-trend-bigger-fewer-oil-companies/

https://www.strausscenter.org/energy-and-security-project/the-u-s-shale-revolution/

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about foreign aid, brain drain, and long-term economic consequences.

We also discuss the Rasputitsa, counteroffensives, and strategic rethinks.

Recommended Book: The Kaiju Preservation Society by John Scalzi

Transcript

We've done this a few times before, but it's been a while since I've done a real update on Russia's full-scale invasion of Ukraine—September of last year, I think, was the last one, a bonus episode on the topic—and a fair bit has happened since then, even if a lot of these happenings have been overshadowed by other conflicts, most especially the invasion of Gaza by Israel following the attacks on Israel by Gaza-based Hamas.

But before diving into what's been happening, recently, in Ukraine, let's walk through a quick summary of events up till this point.

In early 2014, Ukraine's people rose up against their Russia-aligned government in what became known as the Maidan Revolution or Revolution of Dignity.

This was a long time coming, by many estimates, because of changes that had been made to the country's constitution and government since a decade previous, most of those changes orienting Ukraine more toward Russia's sphere of influence, authoritarian policies, and various sorts of corruption at the top, and the protests that led to this revolution began in November of 2013 before culminating in February the following year, which led to the toppling of the government, the creation of a new, interim government, the president fleeing to Russia, and new elections that kicked off a period of decoupling from Russian influence.

This was not well received in Russia, which has long seen Ukraine as being under its sway, if not belonging to Russia, outright, Ukraine serving as a large, friendly buffer between it and Europe, so Russian forces were send in, the flags and other identifiers on their fatigues removed, to support separatists in the eastern portion of Ukraine.

This sparked what became known as the Donbas War, which periodically flared up and sometimes merely simmered, but continued from when it began in February of 2014 all the way up to Russia's more formal invasion of Ukraine on February 24, 2022, following several months of buildup along the countries' shared border.

Against the odds and most analysts' assumptions, Ukraine managed to fend off Russia's initial assault, Russia managing to capture some territory, but not the capital city, Kyiv, and thus it wasn't able to decapitate the Ukrainian government and replace it with folks who would be loyal to Russia, as was apparently planned.

Russia's stated plans changed several times over the next few years, as their assaults continued to falter in the face of stiffer than expected resistance, and eventually the so-called "special military operation" in Ukraine became a more overt, full-on war, complete with forced conscriptions, massive loss of life, the demolition of infrastructure and entire towns, and a recalibration of the global order, new alliances popping up, others being challenged, and everyone, to some degree at least, being sorted into categories based on who they support, who they don't, and who they are willing to tolerate despite not supporting—that latter category consisting mostly of less-aligned nations like Brazil and India, which have done pretty well for themselves, economically, staying somewhat neutral and aloof from this conflict, and thus continuing to deal with both the Western alliance supporting Ukraine, and the comparably small team of opposing nations, including China, North Korea, and Iran, all of which back Russia to varying degrees.

In September of 2023, when I did the last update episode on this conflict, the state of play was largely defined by drone-based harassment of soldiers and infrastructure, like energy sources and bridges, by both sides against the other, Ukraine's flagging counteroffensive against Russia, which started out pretty good, but then ran intro trouble, seemingly due to sturdy Russian defenses that had been built around the portion of Ukraine they'd captured, the arrival of the "Rasputitsa" muddy season, which makes movement difficult in the region, and discussions about whether the US would provide longer-range artillery to Ukrainian forces, as Russia was comfortably settled-in, lobbing endless missiles and drones at Ukrainian forces and civilians, so longer-range munitions would help Ukraine counter that advantage, but there were concerns that this could lead to more attacks by Ukraine against Russian targets within Russia, which—because they would be using US weaponry—could help Russia justify expanding the war, which could, in turn, lead to WWIII, nuclear deployments, and the end of the world.

There was also discussion about whether the US should keep sending tens of billions of dollars to Ukraine, with Republicans mostly saying it wasn't okay, and some European leaders, especially those in Hungary, saying the same, while essentially everyone else said we need to keep Ukraine stocked with weapons and ammo, as the money is well-invested.

What I'd like to talk about today is what's happened in the months since, and what folks in the know are expecting to happen, next.

—

Since last September, the debate over sending money to Ukraine has increased in volume, with countries like the UK scrambling to increase their funding to help fill the gap left by the US, where Congress is still deadlocked over a $60 billion aid package, the lack of which has left the Ukrainian government in the lurch, debating tax increases and spending cuts, while also rationing ammo, because they've hit their ceiling in terms of spending.

Most of those gap-filling aid packages from elsewhere, though, weigh in at tens or hundreds of millions, not billions, so one of the main challenges Ukraine faces right now is figuring out how to adapt their strategy for a wartime reality in which they're not well-funded from outside sources, as there's a chance more funding could eventually arrive from the US and other sources, but it's looking like the appetite for uncapped aid checks is drying up, even though Ukrainian President Zelensky continues to make the case that funding his country's defense is an investment, not a hand-out, because it ties up, and potentially even halts Russia's military ambitions in the area, which might otherwise be aimed at other nations Russia considers to be part of its orbit, and in some cases even thinks of as stolen territory, like Estonia—an attack on which would bring the whole of NATO into a conflict like the one Ukraine alone is facing, currently.

Ukraine has also been escalating its attacks, mostly surreptitious, but sometimes a bit more flagrant, into Russian territory near their shared border, using on the ground special forces teams on occasion, but mostly leveraging their remote-controlled and autonomous drone fleet to strike primarily military and energy targets, like fuel depots and fighter jets parked at airports.

Over this same period, Russia has hammered Ukrainian cities and towns with heavier-than-usual waves of rockets and explosive drones, targeting some military infrastructure, but more often hitting civilian centers, apartment buildings, and shopping malls.

A much-vaunted counterattack by Ukraine against Russian forces occupying their territory in November of 2023 achieved a few small, mostly symbolic goals, but failed to tally the large number of strategic successes accomplished during another counterattack earlier in the year.

This failure to replicate that previous success led to a wave of pessimism in Ukraine and allied nations, and new calls for some kind of peace talks—though then, as now, the Ukrainian government maintains that it won't hold serious talks until Russian forces have left the Ukrainian territory they've occupied, and they also say—with merit, according to most analysts—that any ceasefire before a Ukrainian victory would mostly benefit Russia, which would likely spend the time shoring-up its military and then invade again within the next few years, no matter what the terms of the ceasefire said.

So a ceasefire, at this point, would seemingly favor Russia, and most experts think the current situation on the ground in Ukraine favors Russia, as well, though Russia is suffering some serious consequences from their invasion, both of the short- and long-term variety.

In the short-term, Russia's economy—though not collapsing as many of the nations applying sanctions, like the US and EU countries, had hoped—is not doing anywhere near as well as it would have been doing, had this invasion not happened, or had it gone better for them, ending quickly, within a few days or a week, as they had initially expected.

It's become a lot more difficult for them to do business with much of the world, too, and their influence over global energy markets in particular have been severely hamstrung, which in turn has lessened the geopolitical heft of the OPEC + Russia oil cartel.

Russia has also nearly emptied its prisons, giving even incredibly violent and unstable prisoners the option of joining the military and being sent to the frontlines, those who survive granted their freedom; and this has reportedly led to a lot of horribleness back home, as these prisoners have been causing the sorts of trouble you might expect violent and unstable people to cause after being freed from prison, with the addition of also potentially suffering from the effects of PTSD and other sorts of trauma from having survived on the frontline of what has often been described as a meatgrinder sort of conflict, and in some headline-grabbing cases, they've brought military weapons back home with them, allowing them to cause enough more damage than would have otherwise been possible.

Russian citizens also have to worry about being conscripted, in some cases grabbed from the street and taken, with little preparation, to the front line somewhere in Ukraine, and about the sporadic drone attacks from Ukrainian special forces and Russian groups that support Ukraine in this conflict.

More abstractly, the Russian economy is not doing great, they've been largely unable to produce much in the way of high-end or high-tech goods for several years, now, and they're also running short of workers, more than 43% of industrial enterprises in the country reporting worker shortages as of July, 2023.

In parallel, more than 1000 companies have withdrawn from Russia, including their own google-equivalent, Yandex, which took a 50% hit on its already substantially depleted value just to be able to leave the country and operate elsewhere; this has given the Russian government more direct control over their regional slice of the internet, but it's also a tradeoff many companies, international and local, have decided to make, as being cut off from the rest of the world and having significant sanctions applied to their behaviors if they stick around generally isn't considered to be worth the upsides.

Also leaving Russia are its people. And while there will almost certainly be long-term consequences of those contemporary economic issues for Russia and Russians, this so-called "brain drain" could prove to be even more significant, especially when paired with the large number of deaths amongst Russia's troops, estimated to tally somewhere between 70 and 120 thousand since the full-scale, 2022-era invasion began.

Also since late-February 2022, at least 2,500 scientists have left Russia, and that's on top of the around 50,000 Russia's own Academy of Sciences estimates it has lost over the past five years—all those researchers moving to greener pastures in other countries.

An estimated 11-28% of the country's software developers have fled, and as of early 2023, it was estimated that hundreds of thousands of young people have left Russia since the invasion.

Research from within Russia that same year indicated that about 1.5 million people under the age of 35 left the Russian workforce in the year between December of 2021 and December of 2022, alone, for brain drain and other reasons, and this—combined with all the young people who have been conscripted, adding up to around 521,000 soldiers by the end of 2023, the goal being around 745,000 by the end of 2024—that's a lot of people, all from a relatively narrow age demographic, roughly 18 to 30, who are not working, are not getting a formal education, who are not dating, not home with kids or their older family members, to take care of them.

From a demographer's perspective, this is the seed-corn of a country, the next generation that will step into roles that are currently held by the adults in the room. And Russia is a country of around 144 million people, so it's not small, and these figures won't wipe them out or anything, but their population has been on the decline since the mid-1990s, and the median age in the country is already just over 39 years old.

So losing, to other countries, to the black market, maybe, or to death, disability, or the other consequences of a military conflict, a significant chunk of the younger portion of your population is not ideal, as that leaves a country with fewer people who are capable of stepping into the roles that their elders will be leaving over the next few decades, and that means fewer younger people to keep the economy ticking along, to make discoveries, to earn money and pay taxes, which over time perpetuates all kinds of negative cascades and spirals, economically, demographically, and in terms of a country's capacity to compete, globally.

One of the most long-lasting consequences of this invasion, then, could be a demographic collapse in Russia that leads to untold consequences, up to and including the eventual overthrow of a government that, no matter how cleverly it navigates this war and whatever happens next, won't be able to bring renewed equilibrium, safety, success, and flourishing back to the country, because of issues like demography that are not really salvageable once the dice are cast.

Of course, Ukraine is in an even worse state, and would be even if all the money than had been promised and implied by its wealthy western allies had arrived on time: the country is devastated, its people are almost uniformly traumatized, it's governance and infrastructure is operating only at subsistence level, and some of its towns and cities have been almost entirely leveled, no buildings left standing, completely unlivable, and not just because there's no running water or electricity or shelter—the very soil in many of these areas, some of which are vital breadbasket regions for the world, have been polluted with toxins and chemicals from the conflict, and that's when they haven't been freckled with mines.

Over the past few months, the story on the ground has remained largely the same, with Russia managing to take a few symbolic and moderately strategic cities and towns, and the front line barely moving at all in either direction.

Ukraine has been hobbled by a lack of resources and those aforementioned defense lines Russia set up, after it committed to hold still, shooting long distance stuff, and periodically flooding the zone with meat-shield, waves of soldiers, which seems to be working decently well, though with a significant loss of life as a tradeoff.

The Ukrainian leadership replaced the country's commander-in-chief in early February 2024, amidst rumors of disagreements between him in the president about how to proceed, and there's been word that the US is encouraging Ukrainian's government to settle in for the long-haul, rather than aiming for shorter-term victories and press release-worthy counterattacks, building up their in-country manufacturing capacity so they can produce their own weapons and ammo, and making it more likely that Russia will likewise be tied up indefinitely, having to invest more and more resources for every square foot it takes and occupies.

The degree to which this will work has been questioned, and Russia has shown itself to be more than capable of striking targets well beyond the front lines, so anything Ukraine builds, especially in terms of military manufacturing capacity, would likely be targeted before it could come online.

In Russia, anti-government sentiment was recently inflamed by the seeming killing of anti-Putin crusader Aleksei Navalny, who was previously reportedly poisoned by the Russian government, before returning to the country, being put in a prison camp, and then apparently killed—though the nature of his death and treatment of his body, family, and supporters after the event has left this sequence of events as much of a puzzle as the deaths of the other people who have run afoul of the Kremlin and then mysteriously died of poisons, by falling out of windows, and so on—the specifics are in question, but most experts assume these deaths were ordered by Putin or one of his people.

The degree to which this will matter, how much this renewed support of anti-Putin people and causes will impact anything in a country that's pretty well locked down in Putin's favor at this point, is a big question mark right now.

But it is a wildcard that could go on to influence this larger conflict, and the eventual state of this part of the world when it finally ends, whenever that happens to be.

Though at this point, knowing what we know now, publicly, it seems likely to persist for at least another year, and maybe a lot longer than that.

Show Notes

https://www.semafor.com/article/02/06/2024/sale-of-russias-google-yandex-tightens-moscows-grip-on-the-internet

https://www.washingtonpost.com/world/2023/02/13/russia-diaspora-war-ukraine/

https://www.themoscowtimes.com/2023/04/11/russia-lost-13m-young-workers-in-2022-research-a80784

https://archive.ph/oEs0l

https://thebarentsobserver.com/en/2024/01/brain-drain-hammering-russia-more-2500-scientists-have-already-left-disaster-experts-say

https://archive.ph/n1D8R

https://archive.ph/XXKPw

https://archive.ph/YKfDR

https://www.npr.org/2023/05/31/1176769042/russia-economy-brain-drain-oil-prices-flee-ukraine-invasion

https://www.themoscowtimes.com/2023/04/11/russia-lost-13m-young-workers-in-2022-research-a80784

https://www.worldometers.info/world-population/russia-population/

https://en.wikipedia.org/wiki/Economic_impact_of_the_Russian_invasion_of_Ukraine

https://www.reuters.com/world/india-says-it-busts-trafficking-racket-duping-people-into-fighting-russia-2024-03-08/?utm_source=substack&utm_medium=email

https://www.reuters.com/world/us-embassy-warns-imminent-extremist-attack-moscow-2024-03-08/?utm_source=substack&utm_medium=email

https://www.france24.com/en/europe/20240308-turkey-ready-host-ukraine-russia-peace-summit-erdogan-zelensky?utm_source=substack&utm_medium=email

https://www.nytimes.com/2024/03/09/world/europe/russia-ukraine-avdiivka-villages.html

https://www.nytimes.com/2024/03/10/world/europe/ukraine-women-soldiers-army.html

https://www.independent.co.uk/news/world/europe/russia-ukraine-war-putin-nato-troops-latest-b2510252.html

https://reuters.com/world/europe/pope-says-ukraine-should-have-courage-white-flag-negotiations-2024-03-09/

https://www.reuters.com/pictures/ukraines-winter-war-scenes-frozen-frontlines-2024-03-08/

https://www.wsj.com/world/russia-is-pumping-out-weaponsbut-can-it-keep-it-up-ba30bb04

https://archive.ph/T6lK8

https://en.wikipedia.org/wiki/Revolution_of_Dignity

https://en.wikipedia.org/wiki/Russo-Ukrainian_War

https://en.wikipedia.org/wiki/Timeline_of_the_Russian_invasion_of_Ukraine

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about virtual reality, the Meta Quest, and the Apple Vision Pro.

We also discuss augmented reality, Magic Leap, and the iPhone.

Recommended Book: Daemon by Daniel Suarez

Transcript

Ransomware is a sub-type of malware, which is malicious software that prevents its victim from accessing their data.

So that might mean keeping them from logging into their cloud storage, but it might also mean encrypting their data so that there's no way to access it, ever again, unless they have the necessary decryptor, which is a piece of software or sometimes just a key that allows for the decryption of that encrypted, that locked-down data.

The specifics of all this, though, are often less important than the practical reality of it.

If you're attacked by a ransomware gang or hacker, your stuff, maybe your personal files, maybe your business files, all your customer information, your valuable trade secrets, anything that's stored digitally, might be completely inaccessible to you, and possibly even prone to deletion, though that might not even be necessary since strong encryption is essentially the same thing as deletion, for most intents and purposes; but all that data is gone, held hostage until and unless you pay some kind of ransom to the person or group that encrypted it, and which holds the key to its decryption.

Most ransomware software is transmitted to its victims' computers via a trojan, which is a kind of malware that seems like real-deal software that you actually want or need to install, and folks are generally tricked into downloading and installing it because of that presumed legitimacy.

So maybe you receive what looks like a software update for a tool you use at work, and it turns out the update was faked and what you installed was actually a trojan that installed malware on your computer, and consequently on your network, instead.

Or maybe you pirated some software, and alongside the fake copy of Photoshop you installed, a trojan also carried another snippet of code that then, in the background, when your computer was hooked up to the internet, downloaded malware that looked for private data and encrypted it.

At some point after ransomware is delivered and installed, your data successfully encrypted and inaccessible, you'll receive the ransom demand.

For a while this was kind of an ad hoc thing, in some cases targeting people randomly on early internet usenet groups, in others big companies and other wealthy entities being specifically targeted and then ransomware teams calling or emailing or texting them directly, because they knew who they were hitting.

In recent years, this has become a more distributed and mainstream effort, akin to an, organized business, and that mainstreamification was partially enabled by the dawn of crypto-currencies like Bitcoin, which allow for relatively anonymous transactions with strangers, and the development of ransomware that is self-contained, in that it can install itself, find the right, valuable files, and then demand a ransom from its victim, providing that victim with the proper bitcoin wallet or other crypto-banking system into which they need to deposit a fixed amount of money in that less-trackable digital currency.

The software can then, still autonomously, either decrypt the files once the ransom is paid, or delete the files, killing them off forever, if the ransom isn't paid by an established deadline.

Other variations on this theme exist, and some ransomware doesn't use encryption as a motivator to pay, but instead locks down users' machines, displays some kind of demand for money, purporting to be a government agency (or lying about having encrypted or stolen something of value), or it threatens to install illegal pornographic images of minors on the victims' machine if they don't pay the ransom.

By far the most popular approach to ransomware, today, though, is encryption-based, and recent evolutions in the business model backing ransomware has escalated its use, especially what's become known as ransomware-as-a-service, which was popularized by a Russian hacker group calling itself REvil that started using it against a variety of targets, globally, to devastating and profitable effect.

What I'd like to talk about today is another group that has made successful use of this business model, and a recent investigation into and operation against that group.

—

First observed by cybersecurity entities in 2019, LockBit quickly became one of the most prolific and effective ransomware-as-a-service providers in the world, their offering, a product called LockBit 2.0, representing the most-used ransomware variant globally in 2022, accounting for something like 23% of all ransomware attacks in the US in 2023, and around 44% of all such attacks globally.

According to the FBI, LockBit has been used to launch around 1,700 ransomware attacks in the US since 2020, and according to the US Cybersecurity and Infrastructure Security Agency, about $91 million worth of ransoms were paid in the US alone over the past three years, and it's estimated that number is in the hundreds of millions when we include targets around the world.

LockBit's offerings work like many other ransomware-as-a-service offerings, in that they provide what amounts to a dashboard filled with tools that allow users, those who wish to deploy ransomware attacks, those users being their customers, everything they need to do so, and most of their offerings allow even folks with little or no technical knowledge to launch a successful ransomware campaign; it's that user-friendly and intuitive.

Hackers using LockBit announced the 2.0 version of the service by attacking professional services giant Accenture in 2021, using what's called a double-extortion approach, which involves encrypting their victim's data, and then threatening to release it if their victim doesn't pay up.

They then hit French electrical systems and administrative and management services companies, alongside a French hospital, a group of British automotive retailers, a French office equipment company, the California Finance Administration, the port of Lisbon, and Toronto's Hospital for Sick Children in 2022—in that latter case backtracking after realizing a children's hospital was hit, the group formally apologizing for what they called a violation of its rules by a member of its group, who it claimed was no longer a part of its affiliate program; it provided a free decryptor for the hospital so it could regain access to its data.

And that response gestures at the larger opportunities and problems associated with this kind of business model.

LockBit is run by a group of people who develop the software tools and provide the services backing up those tools to help anyone who wants to use their product successfully launch ransomware attacks against whomever they want.

There are apparently rules about who they can attack, but that's kind of like being a gun store operator who tells their customers they're not allowed to shoot anyone, and if they do, they'll have their gun taken away: they can certainly have those rules in place, but by the time they take back the gun they sold to someone who ends up shooting someone else with it, some damage has already been done.

The business models of ransomware-as-a-service schemes vary, and some groups allow their customers to just pay a set licensing fee, once or reccuringly, others have profit-sharing schemes, while others have affiliate programs of some flavor.

LockBit seems to have landed on a scheme in which they take something like 20% of whatever their customers, those using their LockBit service, are able to get as a ransom.

And just like other software-as-a-service companies, LockBit is thus incentivized to continue providing better and better services, lest their customers leave and use one of their competitor's offerings, instead.

Thus, in mid-2022, they release LockBit 3.0, and among other innovations it offered a bug bounty program, which provides payouts to security researchers who find errors in their code—something that companies like Microsoft and Google do, but not something other ransomware gangs have done in the past.

The attacks kept coming through 2022 and 2023, and though the US Department of Justice announced criminal charges against one Russian national for his alleged connection to LockBit as an affiliate, and the arrest of another for his participation in a LockBit-oriented campaign, the hits just kept coming, LockBit affiliates attacking a French luxury goods company, a Germany car equipment manufacturer, a chain of Canadian bookstores, the Hong Kong branch of the China Daily newspaper, the Taiwanese TSMC semiconductor company, the Port of Nagoya in Japan, US aerospace and defense company Boeing, the Chicago Trading Company, and Alphadyne Asset Management, and it kicked off 2024 by encrypting the computer system of Fulton County, Georgia.

On February 19, 2024, the UK's National Crime Agency, working with Europol and agencies from 9 other countries seized LockBit's online assets, including more than 200 crypto wallets, 34 servers located in eight countries, and about 11,000 domains used by LockBit and its affiliates as part of its ransomware-installation and payout process.

They discovered that some of the data supposedly deleted by the group when their victims paid their ransoms wasn't deleted as promised, and they released decryptors to free the data of victims who hadn't paid ransoms, and who had thus been going without access to their data, in some cases for a long time.

They also issued three international arrest warrants and five indictments that target other people related to LockBit's operations, and they've issued a reward of up to $15 million for information about LockBit associates.

This operation, called Operation Cronos, took years to set up and months to complete, once it was ready to go, and though the agencies behind the operation say they've still got plenty left to do—as those in charge of LockBit are still in the wind, some ransomware tools are still functioning, at least partially, and thousands of accounts associated with LockBit affiliates have been identified, but not yet shut down—it's also being seen as a pretty solid success, allowing them to develop a universal decryptor for LockBit 3.0, and taking out much of the online infrastructure LockBit relied upon to function, not to mention, no doubt, a fair bit of its reputation, as it's likely many of its potential customers will now flee to other offerings for their ransomware-as-a-service needs.

All that said, ransomware continues to be a significant threat, for individuals, but especially for business entities, agencies, and organizations of any size, and there are plenty of other options out there for such tools, and only so many cybercrime agencies capable of tackling them; and it seems to take a lot longer to do the tackling than it does to set up a successful, large-scale ransomware-as-a-service business.

So the combination of potent encryption tools, automated services, and a potent means of earning fairly consistent income seems likely to keep ransomware tools of this kind in the money for the foreseeable future, and that means, even with these periodic takedowns of people involved with the larger-scale entities in this space, this approach to siphoning money from wealthy entities from a distance will probably continue to grow, until the next, more profitable and effective version of the same comes along.

Show Notes

https://www.bleepingcomputer.com/news/security/police-arrest-lockbit-ransomware-members-release-decryptor-in-global-crackdown/

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-disrupted-by-global-police-operation/

https://www.bleepingcomputer.com/news/security/ransomware-gang-apologizes-gives-sickkids-hospital-free-decryptor/

https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-lockbit

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a

https://www.bbc.com/news/world-us-canada-63590481

https://www.justice.gov/usao-nj/pr/russian-and-canadian-national-charged-participation-lockbit-global-ransomware-campaign

https://krebsonsecurity.com/2024/02/feds-seize-lockbit-ransomware-websites-offer-decryption-tools-troll-affiliates/

https://www.washingtonpost.com/business/2024/02/20/lockbit-ransomware-cronos-nca-fbi/

https://www.axios.com/2024/02/19/lockbit-ransomware-takedown-operation?utm_source=substack&utm_medium=email

https://www.washingtonpost.com/business/2024/02/20/lockbit-ransomware-cronos-nca-fbi/

https://www.bleepingcomputer.com/news/security/police-arrest-lockbit-ransomware-members-release-decryptor-in-global-crackdown/

https://www.reuters.com/technology/cybersecurity/us-offers-up-15-mln-information-lockbit-leaders-state-dept-says-2024-02-21/

https://arstechnica.com/security/2024/02/after-years-of-losing-its-finally-feds-turn-to-troll-ransomware-group/

https://arstechnica.com/information-technology/2024/02/lockbit-ransomware-group-taken-down-in-multinational-operation/

https://www.bloomberg.com/news/articles/2024-02-21/russia-s-lockbit-disrupted-but-not-dead-hacking-experts-warn

https://en.wikipedia.org/wiki/Lockbit

https://en.wikipedia.org/wiki/Ransomware

https://en.wikipedia.org/wiki/Ransomware_as_a_service

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about the Meiji Revolution, shoguns, and the Lost Decade.

We also discuss NVIDIA, economic bubbles, and the Tokyo Stock Exchange.

Recommended Book: The Blue Machine by Helen Czerski

Transcript

What became known as the Meiji Restoration, but which at the time was generally, locally, called the Honorable Restoration, refers to a period of massive and rapid change in Japan following the restoration of practical powers to the country's Emperor.

In 1853, the arrival of Commodore Perry and his warships in Japan forced the country to open up trade to the rest of the world, initially with the US but shortly thereafter with other nations, as well. This led to the signing of a series of treaties that were heavily slanted in favor of those other nations, at Japan's expense, and the Meiji Restoration was a consequence of those humiliating treaties, which were essentially forced and enforced by military might, not because Japan wanted anything to do with these foreign entities and their money and goods.

So in the 1860s, some reformist political leaders in Japan started to support the Emperor, who had become something of a ceremonial figure in recent generations, during the country's multi-century seclusion from the rest of the world, and this, among other things, led to a decision by those in charge, who now had more power at their disposal, to shift from a feudal society into an industrialized one.

There was a fair bit of tumult and internal conflict during this period, but the eventual upside was the re-centralization of the country and its land and other assets under the Emperor, away from the shoguns who had been running their own pseudo-countries within Japan for a long while, alongside an order that the country would do a complete 180, no longer isolating itself and eschewing anything foreign, instead seeking knowledge far and wide, wherever it originates, sending folks around the world to discover whatever they can, and to then bring that understanding back to Japan, to strengthen this new iteration of the nation.

By the end of the 19th century, industrialization was the name of the game in Japan, and those in charge had successfully encouraged civilians to bolster the economy by tying its success to the country's military success.

Other governments were happy to play into this transition, as it meant enriching themselves, as well, creating a new, modernizing trade partner that they could exploit but also invest in, and this led to a doubling-down on rapid modernization by the the government, including the culling and destruction of traditional practices, landmarks, and social classes, which wasn't popular amongst the nation's many samurai and other previously celebrated and upper-class people, but it did help the government further centralize power and influence, and reorient things toward economic success and away from a more feudal style of distributed military-backed fiefdoms.

This allowed Japan to become the first non-Western great power, and it's what allowed them to grow to the point that they could take on half the world in World War II, expanding their control throughout Asia and across the Pacific.

Because Japan suffered relatively less from the Great Depression than most Western nations, it was also in a pretty good spot compared to the countries that would become its opponents in WWII leading up to the conflict, and its GDP growth in the 1920s and 30s is part of what allowed it to expand so rapidly across Southeast Asia, grabbing a lot of Chinese territory and turning much of the region, including parts of the Philippines, Burma, Malaya, and Thailand into plantation-like colonies.

The war and post-war periods, though, were a lot less great for Japan, as essentially all the economic gains it made during the Meiji Restoration were lost, their manufacturing capacity wiped out, their infrastructure destroyed, their population numbers depleted, and their civilians psychologically scarred by the drawn-out war and its eventual arrival on their doorstep.

Japan lost its colonies, and as tends to be the case with post-colonial nations, it had to endure a period of economic recalibration, as it could no longer rely upon cheap labor and commodities from these colonies.

It also had to make changes based on the treaties it signed upon its surrender, shifting resources away from its military—which had been a major focus of its entire culture and economy until this point—and moving from an imperial system into a democracy.

The country was then occupied for years, and the previous landlord class that owned much of the country's rural territory was dissolved, the land distributed to the tenant farmers that worked it.

Huge business conglomerates that were close with the government, and which owned much of the economy for about a century were also broken up, and new laws that encouraged business competition and discouraged monopolistic practices were enacted.

After Japan's manufacturing capacity was restored and people were able to rebuild their homes and businesses and everything else that had been destroyed during the war, Japan opened up to international business entities, invested heavily in industries that other countries valued, like chemical production and information technology, and from the 1960s onward, this led to a surge in the country's economy, Japanese industry seeming to always get the jump on its international competition, especially in high-tech fields, like the burgeoning electronic appliance, television, and personal computer markets.

What I'd like to talk about today is how Japan's fresh, 20th century rise fizzled out at the dawn of the 21st century, and why its stock market is booming, now, despite other economic indicators saying the opposite.

—

Things weren't perfect for Japan in the latter-half of the 20th century—they, like much of the rest of the world, experienced an oil crisis in the 1970s, for instance—but they really did chart an impressive economic trajectory for most of the 60s, 70s, 80s, and 90s.

Their success was even more impressive in comparison to other wealthy nations at the time, as that oil shortage, mostly the result of geopolitics, hampered growth in the West, especially the United States, and that allowed Japan to steal a march on its main, electronic hardware and automobile industry competition.

Japan was also in a good spot to profit in these spaces because it had a well-educated population that was used to working long, arduous hours, the former the result of a huge investment in schools, post-WWII, and the latter baked into the culture for generations, due to the country's long history of feudal governance and philosophies that celebrate labor as a moral pursuit.

This allowed Japan to attain a spot amongst the most successful economies in the world, achieving the third-largest gross national product in the 1970s, following only the US and USSR, and achieving first place in the same by 1990.

Previous waves of economic growth in the country had been spurred by exports, but the boom in the late-1980s that led to its 90s-era success was caused by an increase in local consumption, and that, in turn, increased the nation's imports, to feed still-increasing local demand for all sorts of luxuries, alongside fundamentals that were being upgraded, like medical services, leisure-related goods, and basic quality-of-life improvements.

This period was also marked by heavy investment in telecommunications and computing research and development, and that made it the home of the world's largest stock exchange, the Tokyo Stock Exchange, as everyone, everywhere around the world wanted to invest in the most up-and-coming companies, most of which were operating in these industries, and many of them were thus based in Japan, whose cities felt like a sort of science fiction glimpse at the future compared to cities located elsewhere during this period.

Beginning in 1989, though, Japan started to run larger and larger trade surpluses, the yen grew in value, and Japanese citizens were encouraged, through a variety of tariffs and other policies, to save their money rather than spending it.

This led to a period in which businesses were incentivized to buy their foreign competitors rather than investing locally, because their yen bought more overseas than in-country, and this further appreciated the value of the yen, increased the trade-surplus even further, and led to a boom in financial assets, which led to a lot more speculation on the Japanese financial assets market.

That increased popularity in financial speculation led to banks making riskier loans and the rates dramatically increasing on bonds, stocks, and housing, and that, as we've seen happen elsewhere over the years, led to a real estate bubble that made it difficult for Japanese citizens to afford housing, but which also, eventually caused an economic crash, all that investment that was aimed at booming Japanese businesses suddenly flooding outward, instead.

This led to less investment in tech-centric R&D, which led to less-competitive Japanese businesses that were suddenly unable to compete with their foreign rivals, and that, combined with low local consumption, because a lot of people lost their savings in popped-bubble assets and were thus no longer spending as enthusiastically as they had been.

This led to a deflationary spiral that was amplified by banks continuing to hand out money to basically anyone who asked, leading to even more bad investments and the emergence and popping of a number of smaller bubbles into the late-1990s.

The government was forced to subsidize the banks that went under because of all those bad investments, and they did the same for businesses that could no longer do much of anything, but which continued to technically function, earning them the monicker "zombie businesses," of which there were many across Japan.

This period, during which the country's meta-financial bubble slowly collapsed, rather than dramatically popping, has become known as Japan's lost decade, and despite moments of optimism here and there in the years, since, it has arguably become a lost couple of decades, as the government's many attempts to address its deflation and the devaluation of its stock market and larger economy haven't done much to stop the bleeding, and the slow-growth its Nikkei stock index has seen since late-2012 as a result of efforts to increase the country's money supply and eliminate deflation was halted by the implementation of significant new consumption taxes, the damage caused by a huge super typhoon in 2019, and the global recession sparked by the arrival of COVID-19 in 2020.

All of which makes recent news out of Japan, that the country's Nikkei index reached a record high, surpassing its 1989 bubble-era peak in late-February of this year, a bit surprising.

After all, most of the fundamentals in the country haven't really changed, not enough to significantly nudge the needle, anyway, and the other big headlines about Japan's economy, of late, have been about the recession that it entered at the end of 2023.

Data released the same month the Nikkei hit that 34-year high indicate that at the tail-end of 2023, Japan entered a recession, and adding insult to injury, fell off the list of the world's top-3 economies, ceding its third-place position (after the US and China) to Germany—which also isn't doing great right now, but is still doing a bit better than Japan.

What seems to be happening is that COVID-era recession is still weighing on consumer spending in Japan, and the country's industrial output is still low, wages are still low, and inflation is eating up the excess money folks have managed to put away.

This has hurt the country's somewhat-burgeoning service industry, as folks aren't spending on services anymore, lacking enough extra money to do so, and capital spending seems to be stalling, as well, leading to production stoppages at automotive plants, which have reportedly been amplified by a lack of skilled labor, which is itself a problem tied to both insufficient pay and a rapidly aging population.

The jump in the stock market, in contrast, seems to be the result of AI-linked enthusiasm throughout global markets.

Chip-maker NVIDIA has been a huge success story in the US, propping up the market there, and serving as a sort of stand-in for AI optimism more broadly, because it makes the majority of the best, most AI-centric high-end computer chips, and that has led to a surge in its valuation, but also that of other companies even tangentially connected to it and its industry.

Japan houses several such companies, including Tokyo Electron and Advantest, which make equipment that NVIDIA relies upon, and Japan actually still makes computer chips, even if its not as competitive as Taiwan-based TSMC or Netherlands-based ASML, which makes the machines that make chips.

Japan, then, is in a relatively favorable position if this surge in AI-investment continues, because it has the infrastructure and skilled laborers necessary to build-out a hopping high-end chip manufacturing base—so investments are throwing money at some local, relevant companies in the hopes that they'll pay out in the way NVIDIA is currently paying out; which is a lot.

The Japanese government is leaning into this, recently announcing about $68 billion in resources for chip-making companies and related entities in-country, which is a big bet to make, but similar to bets being made by other governments, all hoping that chips will become the next oil, and that they'll be in a position to become market leaders over the next decade, benefitting from further investment, and from that increased long-term capacity of this increasingly fundamental resource.

All of which may or may not play out in their favor, as there's a chance a lot of the hype in AI right now does turn out to be just hype, similar to what we saw with crypto-assets a handful of years ago.

There's also a chance that Japan's fundamentals just aren't where they need to be to sustain this kind of build-out, which would leave them with a lot of incomplete or non-competitive assets that further drain the country's economy and bank account, without providing much in the way of long-term payout.

In the meantime, though, Japan's economy is incredibly uneven, the majority of people continuing to suffer under high-levels of inflation and wages that aren't keeping up, while a relative few are seeing their stock holdings boom, earning a lot more than they have in recent decades from these sorts of investments, and hoping that trend continues.

Show Notes

https://www.imf.org/external/pubs/nft/2003/japan/index.htm

https://www.imf.org/external/datamapper/NGDPD@WEO/JPN

https://www.bloomberg.com/news/features/2024-02-20/japan-s-67-billion-bet-to-regain-title-of-global-chip-powerhouse

https://www.reuters.com/markets/asia/tokyo-stocks-rally-many-japanese-find-themselves-left-behind-2024-02-22/

https://www.investopedia.com/5-things-to-know-before-the-stock-market-opens-february-22-2024-8598465

https://www.ft.com/content/8b982ad2-8923-4f48-adc6-946c10964657

https://www.wsj.com/finance/stocks/japans-nikkei-after-34-years-briefly-tops-record-close-in-intraday-trading-7c29e029

https://www.ft.com/content/1539d638-7499-4dc9-af4f-8a8f2a06ec9b

https://www.nytimes.com/2024/02/22/business/japan-stocks-record.html

https://spectrum.ieee.org/intel-18a

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about virtual reality, the Meta Quest, and the Apple Vision Pro.

We also discuss augmented reality, Magic Leap, and the iPhone.

Recommended Book: Extremely Online by Taylor Lorenz

Transcript

The term spacial computing seems to have been coined in the mid-1980s within the field of geographic information systems, or GIS, which focuses on using digital technology to mess with geographic data in a variety of hopefully useful ways.

So if you were to import a bunch of maps and GPS coordinates and the locations of buildings and parks and such into a database, and then make that database searchable, plotting its points onto a digital map in an app, making something like Google Maps, that would be a practical utility of GIS research and development.

The term spacial computing refers to pulling computer-based engagement into physical spaces, allowing us to plot and use information in the real world, rather than relegating that information to flat screens like computers and smartphones.

This could be useful, it was posited, back in the early days of the term, as it would theoretically allow us to map out and see, with deep accuracy and specificity, how a proposed building would look on a particular street corner when finished, and how it would feel to walk through a house we're thinking of building, when all we have available is blueprints.

This seemed like it would be a killer application for all sorts of architectural, urban planning, and location intelligence purposes, and that meant it might someday be applicable to everyone from security services to construction workers to doctors and health researchers who are trying to figure out where a pandemic originated.

In the 1990s, though, the embryonic field of virtual reality started to become a thing, moving from research labs owned by schools and military contractors out into the real world, increasingly flogged as the next big consumer technology, useful for all sorts of practical, but also entertainment purposes, like watching movies and playing games.

During this period, VR began to serve as a stand-in for where technology was headed, and it was dropped into movies and other sorts of speculative fiction to illustrate the evolution of tech, and how the world might evolve as a consequence of that evolution, more of our lives lived within digital versions of the world, rather than in the world itself.

As a result of that popularity, especially throughout pop culture, VR overtook spacial computing as the term of art typically used to discuss this type of computational application, though the latter term also encompassed use-cases that weren't generally covered by VR, like the ability to engage with one's environment while using the requisite headsets, and the consequent capacity to use this technology out in the world, rather than exclusively at home or in the office, replicating the real world in that confined space.

The term augment reality, or AR, is generally used to refer to that other spacial computing use-case: projecting an overlay, basically, on the real world, generally using a VR-like headset or goggles or glasses to either display information onto lenses the user looks through, or serving the user video footage that is altered to include that data, rather than attempting to project the same over the real thing; the latter case more like virtual reality because users are viewing entirely digital feeds, but like AR in that those feeds include live video from the world around them.

A slew of productized spacial computing products have made it to the consumer market over the past few decades, including Microsoft's HoloLens, which is an augmented-reality headset, Google's Glass, which projects information onto a tiny screen in the corner of the the user's eyeline, and Magic Leap's self-named 1 and 2 devices, which are similar to the HoloLens.

All three of these products have had trouble making much of a dent in the market, though, and Magic Leap is in the process of retiring its first headset, though it's reportedly partnering with Meta on a new device sometime soon, Microsoft has mostly pivoted to working with companies and agencies rather than selling to consumers, though future versions of their headsets might revert back to their original intended customer base, and Google Glass was retired in 2015, replaced by enterprise editions (sold to businesses and agencies) from that point forward, though those enterprise editions were also halted in 2023.

What I'd like to talk about today is the current status of this space, which is being shaken up by two big, global players and their products: Meta with their Quest line of spacial computing devices, and Apple with it's new Apple Vision Pro.

—

In 2014, the company that was at the time known as Facebook, but which is now called Meta bought a virtual reality company called Oculus for about $2 billion.

Oculus made a popular VR device, popular for VR devices in 2014, at least, that was only ever released as a development prototype, but which garnered a huge amount of attention nonetheless, blowing away its Kickstarter goal and attracting tens of millions of dollars in investment from well-known tech-world venture capitalists.

The purchase was criticized by many, as part of the appeal of Oculus was that it was independent from the big players in the space, but $2 billion is a significant amount of money, so the sale went through after regulators approved it, and Facebook, now Meta, started churning out its own headsets, initially continuing to use the Oculus branding, but it was more cohesively integrated with Meta's portfolio of offerings in 2021, redesignating this now sub-company Reality Labs, and entwining it with other Meta products like Instagram, Messenger, and WhatsApp—that effort culminating in 2022 with the complete retirement of the Oculus monicker, re-designating the company's products with the Quest brand, its social platforms renamed Horizon, as in Horizon Worlds.

So beginning in 2022, Meta had a fully integrated Meta Quest line of virtual reality products, including the hardware and a slew of online components, like social networks, and game, app, and other digital product stores.

The company has a long, for this space, anyway, history of now-discontinued products, including partnerships with the likes of Samsung and headsets that vary in price and power, some plugging into one's computer to provide processing heft, but most of the new ones serving as self-contained, all-in-one headset devices, which typically include little handheld controls, wired or wireless, as well.

They've also scooped up a variety of related companies, and in 2021, they attempted to buy a company called Within, which makes popular VR games like Beat Saber and Supernatural, but the FTC blocked the purchase on competition grounds; in 2023, though, the purchase was given the go-ahead, so those, and other popular VR-focused apps are now owned by Meta, as well.

Meta also partnered with glasses-maker Ray-Ban in 2021 to release a product called Ray-Ban Stories, which are glasses that have built-in cameras that can upload videos they record to social media.

So Meta has been investing heavily in this space for years, and their products are relatively well-developed, most of the teething issues faced by new products worked out, at this point, and their products are priced between a few hundred dollars on the low end, about $500 in the middle, and around $1000 at the top.

They also have a decent-sized catalog of in-VR offerings for users, and all of their products plug into all of their other products—for better and for worse, as many people who were irritated about the Oculus purchase were angered by the realization that they would need to have a Facebook account to keep using their hardware; so this is both pro and con, depending on who you are.

Despite Meta's relative success in the world of spacial computing, though, the big story in this space, as of 2024, is that Apple has released their own augmented-reality headset, the Apple Vision Pro, and it's similar but also distinct from Meta's spacial computing offerings.

It has bogglingly detailed screens, which are what project stuff to the user inside the headset, in terms of pixel density, it has a sophisticated hand-tracking interface that allows users to gesture in a fairly natural way to control things within their virtual environment, no separate controllers necessary, it has video pass-through, as do the Quest models, that show the real world within the user's view, but which then superimposes virtual stuff over it, and its tracking of things in the real world is quite detailed and accurate, to the point that some users have been—ill-advisedly, if not illegally—driving their cars while wearing their Vision Pros, and it even offers some possibly just experimental, somewhat creepy quality-of-life additions, like inward facing cameras that track a users face and then display that face while they're video chatting from within the headset, and which project a 3D-video feed of their eyes to the outside of the display, so folks in the world around them can see what their eyes are doing, despite their face being largely covered by this heavy, compared to Meta's headsets, anyway, VR helmet.

Apple's Vision Pro also costs $3,500, which is about 7-times the cost of Meta's entry-level, mid-tier, most popular Quest 3 headset.

So what we have here is two companies presenting different visions of what the spacial computing industry will look like.

Apple's pricing will likely come down, and some of the differences between these products, like Meta's lighter weight headsets and Apple's higher-quality screens, will almost certainly intersect at some point a few product iterations down the line, as they both figure out what's ideal in terms of the quality to price ratio.

Other attributes may disappear, like the outward-facing eye projections, which don't seem terribly effective or useful, though some, like those eye-projections, may also evolve into something that people can't live without, and which Meta and other future competitors will then go on to copy.

We're also seeing the emergence of different market positions within this space, which isn't something we've really had until this point.

Meta had been occupying the perceptual high price point, as their products were the most fleshed-out and for most consumer purposes, at least, useful, and a thousand bucks at the high end is a lot of money for what's mostly an entertaining lark, for most consumers, at this point.

Apple's entrance into this space, though, is a bit like when they stepped into the phone market in 2007 and announced a $500 iPhone: it changed the math, and recalibrated people's expectations of what they should expect to spend in the future.

$500 seems almost ridiculously cheap for a premium device that's become fundamental to so many people for so many purposes, today, and it's possible that Apple's entrance in this space will do the same, allowing Meta to position its products as the Android of the spacial computing world, cheaper, sure, but also more useful for many people, with more pricing tiers, and serving as a sort of practical, non-luxury, and non-overpriced version of what most people want to get from this type of hardware.

The reviews so far seem to support this positioning: Quest headsets are generally quite good, but that's it—they're not blowing any of the tech reviewers away, and most of what they do is passable, not magical.

Apple generally aims for magical, and a lot of its initial reviews have suggested that what the Vision Pro does well, it does VERY well; at that magical level, if not beyond it.

That said, a lot of the same reviews, and the reviews that have arrived since, after the device formally hit the market, have indicated that it has enough bugs and issues and missed opportunities to be incredible in some relatively few areas, but not worth $3,500 in most other regards; many of the stories on the device as of the week I'm recording this episode are about how many people, who enthusiastically forked over thousands of dollars for a first generation Vision Pro when it was released, are now returning their devices so as not to miss the 14-day return window.

The Vision Pro is possibly revolutionary, then, but perhaps not in the sense that it replaces everything that came before: it'll probably change the space in significant ways, but it'll take several iterations before it becomes a must-have product, and in the meantime it'll mostly be meaningful because of how it resets price-expectations, sets a new bar for quality in some regards, and stokes a new round of competition in a space that hasn't seen much in the way of competition for years.

Which is basically what happened with the iPhone, iPad, Apple Watch, and other Apple-made devices, as well. They tend to be really impressive and magical-seeming right out of the gate, but not great, practically, until the third or fourth generation, at which point they're just astoundingly good by most metrics.

There's a chance that this product will find its feet eventually, too, then, though Meta seems keen to give them a run for their money on this, as their long-held desire to own a hardware product category now seems within reach, their past attempts at making their own watch and phone having been incredible failures.

Their pivot to the metaverse, which has been put on hold a little bit because of the advent of generative AI technologies and all the big tech companies trying to figure out what their next steps should be, considering how influential those technologies have turned out to be, those technologies now seem likely to make that metaverse aspiration more viable in the long-term, and these headsets, especially if they can keep making them smaller and lighter and more useable in more contexts, seem like they could be the best entry-point for a Meta-owned network of metaversal platforms, all sorts of content generated on the fly by AI, keeping folks engaged longer, but only if they can maintain their lead over competitors while they build-out those virtual worlds, and as they attempt to grab more relevant companies and refine the relevant hardware, in the meantime.

It's still an open question, though, despite this flurry of hype and investment, whether anyone will really want to use these sorts of devices on a regular basis, beyond those with more money than they can spend and people who are super-enthused about any new tech gizmo.

Some analysts contend that the best access-point for the metaverse, whatever it eventually evolves into, remains and will remain the screens we have on all of our gadgets, and that the idea of face-based computing is a little bit silly and too cumbersome to ever become mainstream.

Others have suggested, though, that we long assumed the same about pocketable computing, and wearing such devices on our wrists—which is something many of us now do, because smartwatches—a field that was for a long time super niche and weird and rare—became incredibly popular after Apple introduced its Apple Watch and then iterated the thing until it was useful, a slew of other companies, including those that were working in this space long-before Apple stepped in, all upgrading and refining their own products, in turn, making the smartwatch world a lot richer and more useful and popular, as a consequence.

If these headsets become lighter, cheaper, and possibly even evolve into goggles or glasses, rather than headsets, that could make them a lot more accessible and useable by many people who, today, struggle to understand why they should care, and what possible use they might have for this kind of device, when their smartphones and computer screens seem to work just fine, and with less neck-strain.

So we could be looking at a flash in the pan movement, or we could be living through the emergence of a new, mainstream, perhaps even universal computing-related product type; but there's a good chance we won't know which for several more years.

Show Notes

https://stratechery.com/2024/the-apple-vision-pro/

https://arstechnica.com/apple/2024/02/our-unbiased-take-on-mark-zuckerbergs-biased-apple-vision-pro-review/

https://www.theverge.com/24054862/apple-vision-pro-review-vr-ar-headset-features-price

https://www.theverge.com/2024/2/16/24058318/apple-vision-pro-sharing-difficulties

https://www.businessinsider.com/mark-zuckerberg-instagram-facebook-meta-posting-era-vision-pro-quest-2024-2

https://www.theverge.com/2024/2/13/24072413/mark-zuckerberg-apple-vision-pro-review-quest-3

https://www.theverge.com/24074795/vision-pro-returns-xbox-future-gemini-open-ai-vergecast

https://fortune.com/2023/02/06/meta-buying-vr-startup-within-unlimited-after-ftc-battle/

https://en.wikipedia.org/wiki/Geographic_information_system

https://en.wikipedia.org/wiki/Spatial_computing

https://en.wikipedia.org/wiki/Microsoft_HoloLens

https://en.wikipedia.org/wiki/Google_Glass

https://www.theverge.com/2023/12/21/24010787/microsoft-windows-mixed-reality-deprecated

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

This week we talk about The Messenger, ads, and generative AI.

We also discuss search engines, algorithms, and Semafor’s new curation tool.

Recommended Book: The Coming Wave by Mustafa Suleyman

Transcript

There was a piece published on McSweeney's, a humorous, often satirical writing site, recently, entitled "Our Digital Media Platform Will Revolutionize News and Is Also Shutting Down," written by Devin Wallace, that includes gems, ostensibly from an announcement by some kind of new media business, like this one:

"Our new digital media platform is changing the way people consume content. We’re a one-stop-shop location for breaking news, long-form journalism, and in-depth art criticism. We’re also currently shutting down without any notice whatsoever."

It goes on to say:

"Mainstream media will try to shut us down, but they’ll never succeed since we already shut down at 3 a.m. with absolutely no warning to our readers or even our employees."

This piece is a completely unveiled criticism of The Messenger, a news-focused digital media company that launched in May of 2023 and was dissolved on January 31, 2024, about 8 months after its founding.

It was started by 70-something Jimmy Finkelstein, the former owner of The Hill, a DC-based politics and policy-oriented publication he bought in 2012, which was then acquired by another media company in 2021, who said he wanted to start The Messenger for legacy purposes, and which he raised $50 million to fund, before scooping up the assets of another new online media company, Grid News, and hiring a bunch of well-known writers and journalists from other publications, promising higher-than-usual for the industry wages for the 150 employees it hired for its launch, and that number was doubled to around 300 within a handful of months.

The Messenger was then unceremoniously shut down, the company's staff learning about its collapse and their layoffs from other publications reporting on the matter, many of them suspecting a closure, though, when their Slack conversations were suddenly shut down and their connections to the company, company emails, insurance, and the like, all stopped functioning or simply shut them out.

Company leadership, including Finkelstein, had bragged that The Messenger would defy the slow-motion collapse the rest of the news media world was experiencing, with few exceptions, because it would expand aggressively and publish constantly, increasing employment to 750 people and earning $100 million in annual revenue on the back of 100 million unique monthly visitors by 2024.

That...did not happen. It did achieve 100,000 unique daily visitors shortly after launching, but it was only able to earn about $3 million in total revenue by the waning days of 2023, and it burned through cash faster than its competitors.

That $50 million in funding had dropped to around $1.8 million in the bank from May to December of 2023, and the sudden closure seemed to be an effort by company leadership to cut their losses, though the explosion of activity and sum of money invested, followed by such a rapid decline and disappearance has earned The Messenger and those involved in its sudden shut-down the reputation for having invested in one of the most spectacular collapses in online news media history.

What I'd like to talk about today is the broader online news media industry, the challenges this industry faces, and how those challenges are shaping what's happening now and what's likely to happen next.

—

Explanations for The Messenger's rapid and explosive demise are rampant, but some of the most popular orient around Finkelstein's apparently outdated ideas about how to run a news publication, his reportedly bad attitude and horrible relationships with upper-management and other underlings (alongside his reported homophobia and misogyny, which may have amplified those issues), a lack of effort or capability within the ad sales team, which by some indications barely existed, the wasted money spent on Grid News, which was apparently doing some interesting things, but which was almost immediately shut down, killing its brand equity and losing its talented staff, and the incredible amount of bias Finkelstein injected into the publication, despite his claims that he was aiming for something more in the middle for folks who were sick of ideological bias.

It's also been claimed that talented journalists were forced to work in content-farm conditions, churning out dozens of click-bait calibre stories a day, and that Finkelstein and his cronies were basically accustomed to failing-up their entire lives, and thus were caught off guard when their out of touch, but to them brilliant assessment of what was going wrong in the news media world, today, proved to be not just wrong, but company destroyingly wrong—and that then led to a frantic attempt to merge with the LA Times, which was also spiraling, that was destined to fail, and a series of other smaller decisions that TV editor and culture writer Liam Mathews memorably called "ineptitude bordering on cruelty."

Some post-death assessments, though, have supported—implicitly if not explicitly—some of the excuses provided by Finkelstein himself, pointing at the larger winds of change within the industry and blaming those ebbs, flows, and disruptions for the failure of his legacy-defining project.

Among the cited issues is the shift back and forth between ad-supported news and a reliance on subscriptions and memberships: folks paying for the news with their attention versus folks paying monthly or yearly, basically.

There was a big segue toward an absolutist take on subscription and membership-paid content a few years ago, away from the ad-first revenue model that had dominated until that point for most of modern memory, but even big news entities like The Washington Post, Time, Quartz, The Atlantic, the Chicago Sun-Times, and TechCrunch are revamping their approach on this, following Gannett's lead with its newspapers, beginning in 2022, to reduce the number of stories published behind hard paywalls and to either go fully ad-supported once more, or to use more flexible approaches, optimized for what readers are willing to pay, or allowing for generous, ad-supported access to the majority of what they write, with relatively few pieces retained just for paid supporters.

We're also seeing a big move away from the growth-at-all-costs phase of the economy, which lasted from around 2010 until the pandemic, during which many of these entities shoveled gobs of investor money and cheap debt into expansion efforts and experiments, few of which panned out as they'd hoped, evolving into resilient income streams, and when interest rates were hiked as the pandemic peaked, profitability became the name of the game, and many of these companies were caught flat-footed with a lot of unprofitable assets and no-longer-serviceable expenses—so they started killing off components of their mini-empires and firing swathes of employees.

The threats and opportunities inherent in the emergence of generative artificial intelligence technologies are playing a role here, too, as some news entities will no doubt be able to replace some number of their workers with robo-versions of the same, reducing their headcount and paycheck-related liabilities, while also, in theory at least, bulking up some of their AI-handle-able output.

The degree to which this will be true has yet to be seen, but there have already been some early deals between relevant entities, including one recent deal for which Semafor will be paid by Microsoft and OpenAI to use their generative AI technology to help their journalists curate news via a tool called Signals; which in practice is similar in many ways to the news streams you see all over the web, today, with a big headline, an image, a summary of what happened, and some supplementary links.

The idea is that someday this type of tool might be ubiquitous, each news entity with their own spin on the concept, but these rundowns and curated feeds also serving as a jumping-off point for the rest of a media entity's content: something that could change the way they publish and monetize substantially, if it goes as planned.

All of which is leading to waves of layoffs, the industry experiencing what's been called a bloodbath, and even long-lauded brands like Sports Illustrated and Pitchfork are shutting down or becoming merged or stranded assets, their owners struggling to find a way to keep them solvent until they can figure out a business model that works in whatever this new stage of journalism and online publishing turns out to be.

By one estimate 538 journalists were laid off from US-based news publications in January of 2024, alone, not counting the 300-or-so people laid off from The Messenger, and that's following more than 3,000 in 2023 and more than 16,000 in 2020.

Some entities have announced that further firings are impending this year, and quite of a few of the ones that have remained silent so far are on deathwatch, possibly following in The Messenger's wake, collapsing entirely because they weren't able to figure out a way to keep existing in this new, still-emerging paradigm.

Part of the issue with the membership and ads component of this conversation, which are the two ways most news publications are funded, is that there's an increasing focus on algorithmic search and information-discovery on the internet, which basically means rather than someone going to a news entity they like, perusing their offerings and clicking around to different stories from their main website, they might google it or search on TikTok, bypassing traditional players in this space and going to curators and analysts and influencers, instead, reading the news or hearing a summary of it on these other platforms.

One of the major developing trends here, which could further change everything, possibly forever, is the shift within search engines like google toward becoming AI chatbot hubs instead of portals to other webpages.

Google is seemingly attempting to scrape all the information on the internet so folks can ask their on-search-page chatbots questions, and they can plop the answers and resources right there on the google webpage, rather than redirecting those people elsewhere.

Other search engines like Microsoft's Bing are doing the same, and other options are taking this concept even further, not displaying search results and links at all, but instead making a complete website full of information scraped from other sources every time you search, eliminating the need to go anywhere else, ever.

This dramatically changes the math for everyone who makes a living from ads, because folks no longer have to go to their pages and view their ads, which is what generates revenue for the site, in order to get the information they paid to produce. And it impacts membership and subscription income, as well, because why would folks pay for such things when they can just get it for free via google or some other AI-powered search engine?

What we're seeing now, then, is a partial reflection of what's happening elsewhere throughout the economy, as well, as everything recalibrates toward the interest rate and technological reality in which we find ourselves, today.

But it's also possibly a preview of what comes next, as a variety of additional factors, more focused on media and news media in particular, continue to hamstring the entities running the companies in this space, allowing a few, like the New York Times and The Guardian and quite a lot of right-leaning editorial-focused entities to flourish, but killing off basically everyone else during the transition, leaving us with far fewer, less diverse options, and an industry that doesn't seem to have a reliable business model anymore.

Show Notes

https://www.hollywoodreporter.com/business/business-news/media-in-decline-advertising-layoffs-labor-unrest-1235806888/

https://www.politico.com/news/magazine/2024/01/27/is-the-journalism-death-spasm-finally-here-00138187

https://www.axios.com/2024/01/26/media-layoffs-strikes-journalism-dying

https://airmail.news/issues/2024-1-27/sports-immolated

https://www.wired.com/story/plaintext-hairpin-blog-ai-clickbait-farm/

https://www.bbc.com/future/article/20240126-ai-news-anchors-why-audiences-might-find-digitally-generated-tv-presenters-hard-to-trust

https://www.cnn.com/2024/01/23/media/los-angeles-times-layoffs-strike/index.html

https://www.theringer.com/2024/1/23/24047683/us-media-industry-meltdown-sports-illustrated-layoffs-pitchfork

https://www.vulture.com/article/what-we-owe-pitchfork.html

https://www.adweek.com/media/go-media-portfolio-sale/?utm_source=substack&utm_medium=email

https://archive.ph/SMSDU

https://www.semafor.com/article/02/04/2024/inside-conde-nasts-breakup-with-pitchfork

https://www.adweek.com/media/recurrent-ventures-blackstone/

https://www.therebooting.com/the-media-blame-game/

https://variety.com/2024/tv/news/cnn-philippines-close-down-1235890177/?_hsmi=291911003

https://www.axios.com/2024/01/30/wall-street-journal-washington-layoffs-restructuring

https://www.adweek.com/media/techcrunch-shutters-subscription-layoffs/

https://theatlantic.com/ideas/archive/2024/01/media-layoffs-la-times/677285/

https://www.nytimes.com/2024/01/24/business/media/sports-illustrated-covers.html

https://www.niemanlab.org/2024/01/a-student-newspaper-in-iowa-just-bought-two-local-weeklies/

https://www.forbes.com/sites/bradadgate/2023/12/19/media-companies-have-slashed-over-20000-jobs-in-2023/

https://www.politico.com/news/2024/02/01/journalism-layoffs-00138517

https://pwestpathfinder.com/2022/05/09/the-big-sixs-big-media-game/

https://projects.iq.harvard.edu/futureofmedia/index-us-mainstream-media-ownership

https://www.axios.com/2024/02/03/news-media-business-implosion-philanthropic-wealth

https://www.axios.com/2024/02/06/great-subscription-news-reversal

https://www.nytimes.com/2024/02/06/style/journalism-media-layoffs.html

https://www.mcsweeneys.net/articles/our-digital-media-platform-will-revolutionize-news-and-is-also-shutting-down

https://thehill.com/homenews/media/4440773-news-startup-the-messenger-shutting-down/

https://en.wikipedia.org/wiki/The_Messenger_(website)

https://www.axios.com/2024/01/31/messenger-shut-down-closes-jimmy-finkelstein-fundraising

https://www.nytimes.com/2024/01/31/business/media/messenger-closing-down.html

https://www.theguardian.com/commentisfree/2024/feb/02/the-messenger-startup-collapse-journalism-takeaways

https://www.niemanlab.org/2024/02/ineptitude-bordering-on-cruelty-a-roundup-of-recent-news-on-the-messenger/

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe