Tag: payment providers

Cashless society

Tomorrow morning, I’m going to be participating in a discussion about a “less cash” society on WBUR Boston’s NRP News Station. It should air at 8 AM Pacific time, noon Eastern. You can call in and ask questions if you’d like! http://www.wbur.org/

The other guest is a Harvard economist who wrote a book proposing society phase out all large bills (over $10) and eventually replace small bills with heavier instruments, like coins. He believes that this will cut down on crime, like international gun and drug trafficking.

I think his proposal is extremely dangerous, especially since digital currencies like Bitcoin don’t yet have anonymity baked in (still looking hopefully at ZCash…). So here are some of the points I’m planning on bringing up:

  • Debit cards and credit cards create a detailed history of our lives, and have far more privacy consequences than cash. The banks generate and hang onto a record of every time you use a payment card, and the cozy relationships between banks and the government mean this data is a honeypot for government agents.
  • It’s not just your purchases that can be exposed by a record of financial transactions. These transactions are time and date stamped, and connected to specific locations. In short, our purchase records create a map of where we are and where we’ve been. It can create a pattern of our typical daily habits, and also demonstrate whenever we deviate from those habits. If you wouldn’t be comfortable with everyone wearing a GPS-enabled bracelet that logged location a few times a day, you shouldn’t be comfortable with everyone being forced to use credit cards.
  • When the banks collect this information on everyone, they can not only piece together a map of your life, they can figure out who was near you, and when.
  • Cash is a fundamental necessity for the unbanked, which include many individuals who are unable to provide the documents that banks require to set up an account such as a government issued ID. Remember, banks claim that under the Patriot Act they cannot provide an account to someone without a physical address. For those who are either sensitive about their address (such as the victim of stalking) or do not have a physical address (such as someone who does not have a home) this means no bank account.
  • Slowly eliminating cash won’t just mean that consumers overwhelmingly use payment cards; merchants will eventually stop accepting cash at all, thinking of it as a small and unnecessary portion of their business. And that’s bad not only because merchants and consumers have to foot the bill for payment card fees but because the small amounts of cash remaining (those hefty <$10 coins) will become obsolete if merchants won’t accept them.
  • Cash is a vital safeguard during emergencies, such as power outages caused by earthquakes or hurricanes.
  • Cash can be a lifeline for domestic violence victims preparing to exit from a dangerous situation. When an abuser has access to one’s digital accounts, available cash can be a lifeline to someone trying to get away and start a new life.
  • We have ample examples of banks abusing the trust of consumers for their own gain. The most recent example is Wells Fargo, where more than 5,000 employees opened over 1,000,000 fake accounts in the names of unwitting consumers. But there are countless examples of banks imposing predatory or unnecessary fees which surprise consumers. For someone living paycheck to paycheck, a $50 fee can be a disaster that means trading off on basic necessities like food or medicine.
  • It’s not just the government that may be interested in bank accounts. Bank accounts can be sought during divorce hearings, child custody battle, and other civil suits — not just to establish how much money someone has but to track where they have been at different moments in time.
  • There are a range of political and social causes that individuals may choose to support, but which they would not want connected to them via a paper trail. The obvious example is the gay rights campaign. When I was in high school in Virginia, I interned at a gay rights organization. This was back in the 90s, when you could lose your job as a teacher in Virginia for being gay. And at the time, many people preferred to make donations in cash. There will always be unpopular social and political causes whose supporters may want the anonymity of cash.
  • Financial institutions have been known to shut down and freeze accounts of individuals who have not been accused of any crime. The obvious example is WikiLeaks, which suffered a huge financial blockade without ever being charged in the United States. But since then, I’ve heard a number of stories of law-abiding websites and individuals who suffered from account freezes and shut downs, including online booksellers, literary archives, and even the Chelsea Manning Support Network (Note: I’m a cofounder of that organization).

In conclusion: those with the fewest resources –especially the unbanked, the poor, the homeless–can suffer dire consequences at the hands of banking institutions, and won’t have a financial cushion to protect themselves. There are many reasons we need financial privacy, for example to protect ourselves from government intrusion and to support unpopular movements. Finally, the banks have a bad track record. From shutting down the accounts of law-abiding citizens to creating fake accounts to countless other questionable practices, there are lots of reasons people may not want to entrust their hard-earned money to the bureaucratic behemoths of JP Morgan Chase and Bank of America.

But I’m sure there are a lot of other points I’m missing. What else? What other issues should I bring up tomorrow? Let me know your thoughts. The show is a full hour so I’ve got lots of time.

UPDATE: I got tons of feedback on Facebook and Twitter that I incorporated into my talking points. Thanks all!

The Kafkaesque battle of Soulseek and PayPal

Does your business follow copyright law to the best of its ability? Not good enough. At least that was the case for one long-standing peer-to-peer network, which had its payment processing shut down after more than 14 years of being a loyal PayPal customer.

A version of this article was originally published on EFF Deeplinks.

Does your business follow copyright law to the best of its ability? Not good enough. At least that was the case for one long-standing peer-to-peer network, which had its payment processing shut down after more than 14 years of being a loyal PayPal customer.

Soulseek, a peer-to-peer file-sharing network, faced a Kafkaesque battle with PayPal. When its donors were cut off from making payments to Soulseek, the network struggled to figure out what it had done wrong—or even get a response from PayPal to its questions. Thankfully, Soulseek reached out to EFF. We got in touch with Paypal and helped convince them to reinstate the network.

PayPal did the right thing by restoring Soulseek’s account, and we commend them for that. But we’re also concerned: it’s not scalable for EFF to intervene whenever a law-abiding website is shut off from a payment provider (as we have done with an online bookseller and a short story archive). In addition, we think of Soulseek’s situation as indicative of a larger trend of Web censorship, as websites that haven’t violated any laws are choked of funds—a situation that was disastrous for WikiLeaks and is currently tightening a noose around the electronic neck ofBackpage.com.

Soulseek describes itself as “an ad-free, spyware free, just plain free file sharing network for Windows, Mac and Linux.” The passion project of a husband and wife team, Soulseek itself doesn’t host files for users. Instead, users can join the network, connect with one another, and share files directly.

The platform is donation-driven. Without ads or fees, the service relies on the good will of the community to contribute back to keeping Soulseek going. While hardly profitable, this has been enough to keep the servers running and the software updated for many years.

And that was all fine, until the summer of 2015.

Not Granting Pre-approval at This Time

Instead, Roz Arbel, who runs the site with her husband Nir, heard from users who were unable to send in donations using MasterCard. I spoke with Roz in November and she briefed me on what happened. Roz called PayPal, and spoke to a general support agent. Through that agent, Roz learned that PayPal had sent Soulseek a questionnaire because, as Roz reported hearing from the PayPal representative, MasterCard was coming down on PayPal regarding filesharing networks.

Roz hadn’t seen any questionnaire from PayPal, so they sent a new one over. Roz was assured that service would be reinstated within 48 hours after the questionnaire was completed and returned.

Roz and Nir answered the questions promptly (see below for a list of the questions) and sent the questionnaire back. Most of the questions related to copyright infringement and whether the site was taking the necessary precautions to stay on the right side of the law. Soulseek has existed for as long as it has in large part because it has complied with the Digital Millennium Copyright Act’s safe harbor provisions. For example, Soulseek has a DMCA agent and a policy of blocking user accounts that get repeated copyright infringement notifications.

A week went by with no word from PayPal. It was now October, and Soulseek had been limping along without donations from MasterCard users. Roz again contacted PayPal. This time she heard from a representative of the company that the questionnaire had been received, but nobody inside PayPal had looked at it. Roz was assured that it would be escalated and dealt with immediately.

Within an hour, Soulseek received an email from PayPal stating that the account was being permanently limited. Funds could be withdrawn, but Soulseek would not be able to receive donations through PayPal. No reasons were provided for this decision. There wasn’t even a phone number.

As Roz and Nir Arbel explained in a blog post,

We have asked repeatedly for an explanation of this behavior, but we have been stonewalled at every turn, and have received only form emails telling us that we needed to be “pre-approved” for an account. When we asked what we need to do to be pre-approved, they emailed back and said that they are “not granting pre-approval at this time.”

After this, Roz reached out to EFF. We were able to connect with PayPal and discuss our concerns about the situation. We were happy that PayPal was willing to reverse its decision.

A Little Bit of SOPA

Payment networks blacklisting those accused of copyright infringement without due process is not a new idea. In fact, we saw something remarkably similar in SOPA, the notorious Internet blacklist bill introduced in 2011:

[A] payment network provider shall take technically feasible and reasonable measures, as expeditiously as possible, but in any case within 5 days after delivery of a notification under paragraph (4), that are designed to prevent, prohibit, or suspend its service from completing payment transactions involving customers located within the United States and the Internet site, or portion thereof, that is specified in the notification under paragraph (4). (text)

One of the most troublesome aspects of SOPA was that it did not require a neutral magistrate to consider the merits of a case and then rule on whether a site was actually engaged in copyright infringement. Instead, SOPA empowered payment providers to start shutting down websites as soon as they received written notification from a copyright holder.

This was a bogus idea in 2011, and was defeated in the single most powerful Internet protest to date. So Congress knows that the Internet community won’t stomach this type of censorship, and hasn’t dared to move a similar bill since.

Instead we’re seeing this sort of thing: quiet pressure from content holders aimed at putting pieces of SOPA into place without actually passing a bill.

These kinds of actions come with real costs. As Roz said in a phone interview, “It’s drastically reduced the number of donations we receive. It’s free for our users but it’s not free for us…we’re not doing anything wrong. We’re totally above board, and we’ve always tried to be.”

Free Speech On the Line

While the First Amendment imposes strict limitations on how the government can squelch online speech, corporations have more leeway. The argument, of course, is that consumers have choices about the companies they patronize, and companies also have certain First Amendment rights to choose what sorts of customers they want to allow.

When it comes to payment providers, that’s not exactly true.

Payment platforms are currently extremely centralized, creating what in practice is a duopoly. MasterCard and Visa are behemoth payment service providers, able to dictate through their internal policies what types of speech will and won’t be acceptable online. Other payment providers, including smaller entities like PayPal, Stripe, and many of the Bitcoin payment service providers, are bound by their agreements to Visa and MasterCard.

Until another payment alternative gains widespread popularity in processing online payments, websites are beholden to the terms set up by MasterCard and Visa. So the idea of consumer choice is entirely false.

Threats to free expression online can come in many forms, but shutting down or limiting a law-abiding website is censorship. While the situation with Soulseek turned out well in the end, we’re concerned about the many websites we haven’t heard from that may be facing similar problems. It’s time for the payment providers to start erring on the side of supporting legal speech and let courts—not arbitrary corporate policies—decide what content should be censored.

 

Questionnaire from PayPal (provided by Roz Arbel)

  1. Business Overview. Please provide a general overview of your business, identifying all related website URLs or apps, describing the services you offer and how revenue is earned, and indicating how you use or would like to use PayPal’s services. (The terms “you” and “your” refer to your business in the remainder of this questionnaire.)
  2. Typical Usage. Please describe the kinds of files that are most often stored or transferred using your services (indicating, for example, typical file types, sizes, content and/or other relevant attributes) and, to the extent of your knowledge, the typical purposes that your customers have for using your services.
  3. Incentives for Uploaders. Do you offer rewards, cash payments or other incentives to some or all users who upload files? If so, please describe your related practices, including the criteria used to determine the nature and amount of incentives that users are entitled to receive.
  4. Membership Tiers and Benefits. Please describe any membership tiers, subscription plans or service levels that you offer (e.g., “free,” “premium,” etc.), indicating for each any payments required and the main benefits users receive. Are paying users entitled to enhanced benefits related to downloading or otherwise accessing files uploaded by other users, such as faster access speeds, higher allowances for total amount of data accessed, or the reduction/elimination of wait times, captchas or advertising? If so, please describe the related terms.
  5. Forum Codes. Do you offer “forum codes,” “URL codes,” “HTML codes” or other features that facilitate the incorporation of links to uploaded files on third-party websites? If so, please describe such features.
  6. Link Checker. Do you offer users a link checker or other functionality that helps users determine whether links to uploaded files have been disabled. If so, please describe such functionality.
  7. File Deletion. Please describe any practices you employ related to the expiration, purging or other automated deletion of uploaded files. Is the timing of a file’s deletion influenced by the frequency with which it is downloaded or otherwise accessed? If so, please explain.
  8. Information Collection. Do you collect information about the uploaders of files? If so, please describe your related practices, including whether you collect any of the following: name, postal address, email address and IP address.
  9. Repeat Infringement. Please describe any practices you employ to prevent users of your system from uploading copyright infringing files on multiple occasions. Please include information about any technological methods you use to identify repeat infringers, such as methods involving the IP addresses of computers used to upload files. If a policy or other information related to repeat infringement is available on your website, please provide a link.
  10. Copyright Infringement Reports. Please describe your practices related to soliciting, receiving and responding to reports from third parties about copyright-infringing files accessible through your service. If a policy, reporting instructions or other information related to such practices (e.g., a DMCA policy) is available on your website, please provide a link.
  11. Illegal File Reports. Please describe your practices related to soliciting, receiving and responding to reports from third parties about illegal files accessible through your service (other than reports of copyright infringement covered by Item 10 above). If a policy, reporting instructions or other information related to such practices is available on your website, please provide a link.
  12. Monitoring. Do you employ any practices involving the monitoring of uploaded files to identify and remove copyright infringing files or other illegal files? If so, please describe those practices, including any manual review or automated scanning of files performed by your staff or by any third-party firms. Please indicate the names and website URLs of any such third-party firms.
  13. Law Enforcement Cooperation. Please describe your practices with respect to responding to requests or orders from law enforcement, courts or other government bodies, such as information requests, discovery orders, search warrants and subpoenas.
  14. Child Exploitation. Please describe any actions you take if you become aware that a file uploaded to your system involves child exploitation or any sexually-oriented depiction of a minor.
  15. Other Controls. If you employ any processes or controls not otherwise covered in your responses to this questionnaire that are aimed at preventing or otherwise addressing any actual or potential use of your system for the storage or transfer of illegal files or for other illegal activities, please describe them.
  16. Point of Contact. Please identify and provide contact information (including phone number and email address) for a person who will serve as PayPal’s point of contact with respect to our review of your business and any future inquiries or concerns we may have.