Back in October, Meta announced that its new Instagram Teen Accounts would feature content moderation “guided by the PG-13 rating.” On its face, this made a certain kind of sense as a communication strategy: parents know what PG-13 means (or at least think they do), and Meta was clearly trying to borrow that cultural familiarity to signal that it was taking teen safety seriously.
The Motion Picture Association, however, was not amused. Within hours of the announcement, MPA Chairman Charles Rivkin fired off a statement. Then came a cease-and-desist letter. Then a Washington Post op-ed whining about the threat to its precious brand. The MPA was very protective of its trademark, and very unhappy that Meta was freeloading off the supposed credibility of its widely mocked rating system.
And now, this week, the two sides have announced a formal resolution in which Meta has agreed to “substantially reduce” its references to PG-13 and include a rather remarkable disclaimer:
“There are lots of differences between social media and movies. We didn’t work with the MPA when updating our content settings, and they’re not rating any content on Instagram, and they’re not endorsing or approving our content settings in any way. Rather, we drew inspiration from the MPA’s public guidelines, which are already familiar to parents. Our content moderation systems are not the same as a movie ratings board, so the experience may not be exactly the same.”
In Meta’s official response, you can practically hear the PR team gritting their teeth:
“We’re pleased to have reached an agreement with the MPA. By taking inspiration from a framework families know, our goal was to help parents better understand our teen content policies. We rigorously reviewed those policies against 13+ movie ratings criteria and parent feedback, updated them, and applied them to Teen Accounts by default. While that’s not changing, we’ve taken the MPA’s feedback on how we talk about that work. We’ll keep working to support parents and provide age-appropriate experiences for teens,” said a Meta spokesperson.
Translation: we’re still doing the same thing, we’re just no longer allowed to call it what we were calling it.
There are several layers of nonsense worth unpacking here. First, there’s the MPA getting all high and mighty about its rating system. Let’s remember how the MPA’s film rating system came into existence in the first place: it was a voluntary self-regulation scheme created in the late 1960s specifically to head off government regulation after the government started making noises about the harm Hollywood was doing to children with the content it platformed. Sound familiar? The studios decided that if they rated their own content, maybe Congress would leave them alone. As the MPA explains in their own boilerplate:
For nearly 60 years, the MPA’s Classification and Rating Administration’s (CARA) voluntary film rating system has helped American parents make informed decisions about what movies their children can watch… CARA does not rate user-generated content. CARA-rated films are professionally produced and reviewed under a human-centered system, while user-generated posts on platforms like Instagram are not subject to the same rating process.
Sure, there’s a trademark issue here, but let’s be real: no one thought Instagram was letting a panel of Hollywood parents rate the latest influencer videos.
Next, the PG-13 analogy never actually made much sense for social media. As we discussed on Ctrl-Alt-Speech back when this whole thing started, the context and scale are just completely different. At the time, I pointed out that a system designed to rate a 90-minute professionally produced film — reviewed in its entirety by a panel of parents — is a wholly different beast than moderating hundreds of millions of short-form posts generated by individuals (and AI) every single day.
So, yes, calling the system “PG-13” was a marketing gimmick, meant to trade on a familiar brand while obscuring how differently social media actually works — but the idea that this somehow dilutes the MPA’s marks is still pretty silly.
Then there’s the rating system’s well-documented arbitrariness. The MPA’s ratings have been criticized for decades for their seemingly incoherent standards. On that same podcast, I noted that the rating system is famous for its selective prudishness — nudity gets you an R rating, but two hours of violence can skate by with a PG-13.
There was a whole documentary about this — This Film Is Not Yet Rated — that exposed just how subjective and inconsistent the whole process was. Meta was effectively borrowing credibility from a system that was itself created as a regulatory dodge, is famously inconsistent, and was designed for an entirely different medium. And the MPA’s response was essentially: “Hey, that’s our famously inconsistent regulatory dodge, and you can’t have it.”
The whole thing was silly. And now it’s been formally resolved with Meta agreeing to stop doing the thing it had already mostly stopped doing back in December. So even the resolution is anticlimactic.
But there’s a more substantive point buried under all this trademark squabbling: the whole approach reflects a flawed assumption that one company can set a universal standard for every teen on the planet.
As I argued on the podcast, the deeper issue is that the whole framework is wrong for the medium. The MPA’s rating system was built to evaluate a single 90-minute film, reviewed in its entirety by a panel of parents. Applying that logic to hundreds of millions of short-form posts generated by people across wildly different cultural contexts — a kid in rural Kansas, a teenager in Berlin, a twelve-year-old in Lagos — was never going to produce anything coherent. Different kids, different families, different communities have different standards, and no single company should be setting a universal threshold for all of them. The smarter approach is giving parents and users real controls with customizable defaults, rather than having Zuckerberg (or a Hollywood trade association) decide what counts as age-appropriate for every teenager on the planet.
This whole dispute was silly from start to finish.
Opusonix is the workflow-first platform built for music producers and engineers who are tired of endless email chains and scattered files. By centralizing feedback, versions, and tasks in one structured workspace, it helps you cut email traffic by up to 90% so you can focus more on creating and less on chasing approvals. From time-coded comments and version testing to album planning and client-friendly demo pages, Opusonix gives you the tools to manage every mix, project, and album with clarity and speed. It’s on sale for $50.
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
Trump’s do everything all at once approach to immigration enforcement is starting to go off the rails. Trump’s plainly stated hatred of “shithole countries” and their inhabitants manifested in early wins for his bigoted “remove the brown people” programs. Then Stephen Miller (the man who answers the “what if a lightbulb had eyebrows and was also a white nationalist” question no one asked) showed up and amped things up. 3,000 arrests per day! he screamed into the void. (The void did not respond to our request for comment before press time.)
A lot of wrenches approached the anti-migrant works and immediately threw themselves into it. First, ICE didn’t have enough officers to staff a surge. No problem, said the administration. Here’s $50,000 and almost no training to get you started! Here’s several (more!) billion dollars to keep it going! Here’s everyone we actually can’t spare from multiple federal agencies!
Bang! Into the blue cities they went, kidnapping and murdering their way towards Miller’s arrest quota. All well and good but at the end of the day, you’ve still got to have some lawyers left to fight the lawsuits these surges generated, as well as to handle challenges against detentions, removals, and direct flights to foreign torture prisons.
Well, the Trump administration no longer has enough lawyers left to do its dirty work. Whoever hasn’t been purged for not being loyal enough or exited ahead of the purges has been asked to clean up a mess with extremely limited amounts of resources and manpower. To make things worse, Trump’s handpicked prosecutors keep being kicked out of court because Trump bypassed the appointment process essential to them remaining employed.
Then there’s the self-inflicted reputational damage Trump’s DOJ has done. The government, for the most part, is no longer granted the presumption of good faith. Courts across the land are not only aware this government isn’t acting in good faith, but they’re refusing to pretend it is, no matter how much copy-pasted boilerplate appears in DOJ filings.
Hundreds of adverse rulings have already been handed down. Hundreds more are on the horizon, especially now that the DOJ has admitted pretty much every arrest that took place in an immigration court was illegal.
It all adds up to the long tail of “flooding the zone.” If you can’t bail water fast enough, you’re going to drown. Here’s how this is working out for the DOJ now, as reported by Kyle Cheney for Politico:
In dozens of cases over the past several weeks, Justice Department lawyers have declined to push back on detainees’ claims that they’re owed a chance to make a case for their release. In those cases, the administration has simply agreed to provide a bond hearing, or even outright release, telling judges that officials “do not have an opposition argument to present” or saying they couldn’t cobble together enough information to mount a defense.
[…]
The new phenomenon is the latest manifestation of the extraordinary strain that the administration’s mass deportation effort — compounded by the mass detention of people who have lived for years without incident in the U.S. interior — has exacted on the justice system.
While ICE bathes in newly awarded billions, the problems its efforts have created are being attended to by a skeleton crew that can’t keep up with Trump’s rights-violating fire hose. That’s created some pretty gaudy numbers, which certainly isn’t a compliment.
Federal judges have ruled more than 7,000 times in recent months that ICE has illegally locked people up without — at the very least — a chance to prove they can live safely in the community.
That’s a lot. This administration is setting judicial records that hopefully will never be broken. It’s not just the government losing cases on the merits. Many of these losses are the result of the DOJ simply being unable to respond at all to legal challenges by people ICE has arrested, detained, or deported.
If there’s a silver lining in this bigoted war on non-white people, it’s everything listed above. Trump’s administration may be evil and stupid in equal measures, but those aspects are being held in check by its inability or unwillingness to anticipate the natural side effects of sending wave after wave of masked goons into cities to kidnap anyone who looks a little bit foreign. The administration is a defective centrifuge that edges closer to disintegration with every rotation. What remains to be seen is who’s going to get hit with the majority of the shrapnel when it finally falls apart. We can only hope it’s the people that started it spinning in the first place.
Last election season the Trump campaign lied to everyone repeatedly about how his second administration would “rein in big tech,” and be a natural extension of the Lina Khan antitrust movement. As we noted at the time, that was always an obvious fake populist lie, but it was propped up anyway by a lazy U.S. press and a long line of useful idiots (including some purported “antitrust experts“.)
The Wall Street Journal last week published a new interesting story about that last bit. Specifically, it’s about how Mike Davis, a radical Trump loyalist and corporate lobbyist, found it relatively trivial to oust the small handful of actual antitrust reformers embedded within the MAGA coalition who occasionally cared about the public interest (Gail Slater and Mark Hamer):
“A Journal investigation found that Davis pushed antitrust officials at the Justice Department to approve his deals—and he went over their heads when they wouldn’t comply, according to interviews with more than three dozen DOJ employees, lobbyists, lawyers and others familiar with the antitrust division.”
Davis, who opportunistically pivoted to pseudo-big-tech criticism after being refused a job in the industry, is a transactional bully who was very excited about Trump’s plan to put minority children in cages last election season. He’s also, according to the Journal, been pivotal in elbowing out any remaining real antitrust enforcers to help Trump operate an even more “pay to play” government:
“Davis, despite having little experience practicing antitrust law, is one of the most visible practitioners of a change playing out across the division. Current and former antitrust officials said some mergers now get approval or draw mild settlements based on political ties rather than public interest. The new dynamic casts a shadow over the Justice Department’s integrity, they said, and has alarmed even some Trump loyalists in the department.”
And this is the Rupert Murdoch owned Wall Street Journal; not exactly the bastion of progressive left wing thought. In Davis’ head, he’s not easily exploiting the comical levels of corruption in the Trump White House, he’s just exceptional, according to comments he made to the Journal:
“I’m the best fixer in Washington, period. Full stop,” said the 48-year-old Iowan. “I know the people. I know the process. I know their pressure points. I know how to win.”
That Trump 2.0 was going to be a corrupt shitshow–and that the movement’s fake dedication to “reining in big tech” and “antitrust reform would be completely hollow–was one of the easier election season predictions I’d ever had to make. It should have been particularly and abundantly obvious to the ostensible fans of antitrust still peppered within the administration.
Even these “antitrust enforcers” within MAGA weren’t what you’d call remotely consistent when it comes to reining in corporate power. And while the Journal sort of romanticizes the first Trump term for “having guardrails,” it too was full of all manner of mindless rubber stamping of harmful deals that eroded competition and drove up costs (like the Sprint T-Mobile merger).
Yet, again, there were no shortage of press outlets (and supposed progressive antitrust experts like Matt Stoller) that spent much of last election season insisting that while Trump 2.0 might be problematic, it would feature ample populist checks on corporate power. You were to believe a sizeable chunk of the GOP had suddenly and uncharacteristically seen the light on antitrust reform.
Building meaningful and productive alliances with authoritarians is like trying to cultivate an intimate relationship with a running chainsaw. And the act of treating them as serious actors on antitrust reform (something Stoller and the press broadly did, repeatedly, with everyone from JD Vance to Josh Hawley) gave them press and policy credibility they never had to earn.
MAGA leadership is largely comprised of transactional bullies whose primary interest is in wealth accumulation and power. Everything else, whether it’s MAHA, or the administration’s purported antiwar stance, or its love of “antitrust reform” was an obvious populist lie, designed to convince a broadly befuddled electorate that dim, violent, and corrupt autocracy would be good for them.
In this episode, Matt & Lauren reflect on their recent trips to two dramatically different events: London Book Fair and Sponsor Games.
One is an international event attended by over 33,000 publishing industry professionals from around the world; the other is an intimate, interactive gathering of content entrepreneurs dedicated to learning how to secure brand deals and sponsorships.
Attending these two events back-to-back highlighted the overlap and discrepancies between two types of creative audiences, so we’re asking the questions:
🤔 What can authors learn from content creators/entrepreneurs? 💡 What can content creators learn from authors? 🫱🏻🫲🏽 What does it look like when someone is taking the best from both worlds?
Matt: Welcome to another episode of Publish & Prosper. We are back from weeks of traveling.
Lauren: It's been 84 years.
Matt: Feels like that long since we've sat in these chairs, to be honest with you. I'm almost wondering if we should have had them cleaned while we were out.
Lauren: They’re probably dusty.
Matt: Yeah, I would imagine.
Lauren: I was convinced I was gonna come back to my desk just under, like, a complete layer of dust. Perhaps some cobwebs.
Matt: You're ridiculous. Yeah, I'm going to leave that.
Lauren: Okay.
Matt: You’re ridiculous. I've had this weird tinge of guilt for the last 48 hours. Because I told you... canceled a trip that me and my family were going to take for spring break for the kids. Because we just don't want to deal with, you know, there's a lot of –
Lauren: Yeah.
Matt: – stuff going on at the airports and things. If you're listening to this at the end of 2026, maybe this makes no sense, but. Right now, in March of 2026, the airports are a mess.
Lauren: Maybe at the end of 2026 airports are shut down entirely. So who can know.
Matt: Gosh I hope not. But anyways, so instead we're going to take a trip that we can drive and not have to fly. And the destination choice was Universal Studios.
Lauren: Nice.
Matt: So booked like a whole thing there. And I've just been feeling this heavy Disney guilt the whole time, which I'm sure is ridiculous. But. You know, what's making it worse is in the studio right now, Lauren has this huge Disney 50th anniversary –
Lauren: I knew you'd catch that.
Matt: – like, shopping bag.
Lauren: And call it out.
Matt: That is literally like, down in front of me. You can't see it if you're watching the video, but.
Lauren: No.
Matt: That's all I can see. And so –
Lauren: I’m sorry.
Matt: – it's like
Walt Disney is just staring at me and like, with that face of like, you filthy traitor.
Lauren: I mean, you are filthy traitor.
Matt: I agree.
Lauren: Is that why you're wearing a Mickey mouse sweatshirt today? So that you can display your loyalty?
Matt: Maybe subconsciously that's why I put it on, I don't know. I think my kids are just getting tired of me dragging them to Disney World whenever we actually do something.
Lauren: Can't relate.
Matt: I mean.
Lauren: That's a them problem.
Matt: Yeah. Anyways, okay.
Lauren: It’s fine.
[2:29] - Episode Topic Intro
Matt: Today what we're actually going to talk about is what we feel authors and creators can learn from each other. And I just want to be clear, when we say authors and creators, we are speaking specifically in terms of the differences between the two personas or types of creators. An author being somebody who traditionally identifies as an author, spends the majority of their time writing and creating books, whether it's fiction, nonfiction, whatever. And a creator being somebody who actually, sort of, is not confined to one particular medium or another. They are in the business of just creating content. You know, not necessarily agnostic– or, you know, tied to one particular platform or medium, but is creating content solely for the benefit of monetization, potentially creating a brand or a business around it. So that's kind of how we're defining those two. And there are definitely some things that we think one could learn from the other and vice versa.
Lauren: Yeah. Cause I think there's – you know, this is absolutely not us saying that these are two completely –
Matt: No.
Lauren: – disparate groups. In fact, we've made the argument –
Matt: Certainly overlap.
Lauren: – repeatedly that they should overlap. Yes. But it's, it's – I think it's mostly like, having just gone to these two events that we're going to talk a little bit about, just back to back and, and realizing the difference between... Like one that was very, very author focused and one that was very specifically content entrepreneur and content creator focused.
Matt: Yeah.
Lauren: Just kind of realizing, like the different approach that both of these audiences have to their content creation in general, and then also like how they approach their business or brand or whatever they're identifying it as.
Matt: Yeah.
Lauren: Yeah.
Matt: So this is on the heels of we just returned from a couple of weeks of travel for two events. London Book Fair.
Lauren: Yup.
Matt: Which is a huge publishing industry focused event. I think the numbers that you pulled, or the stats were, it had about just over a thousand sponsors or vendors – Lulu was one of them – with booths there. And then looks like they've published that they had about 33,000, give or take, attendees.
Lauren: Yeah, that was reported by Publishers Weekly.
Matt: So it's a, it's a large show. But it is very much industry focused. It covers a broad range of, of industry niches. So everything from, you know, foreign rights and rights acquisitions to sales and distribution for actually the larger publishing houses. It's where a lot of people go to try and, you know, close the deal on, on partnerships with other brands or other publishers or their manufacturers or vendors or partners. And there's always a dedicated space for indie authors. And Lulu typically straddles that space between the indie author headquarters there and the, the technology and printing section, and the two theaters or stages that, that kind of represent both of those. That's, that's usually where we sit. So we're on the heels of that one. And then, you know, if you want to tell them a little bit about Sponsor Games.
Lauren: Yeah. So we, we left London and came back, came back to the US and then immediately flew to Texas. Which even just the, just the, the distinction between London and San Antonio, Texas… Just polar opposites in every way.
Matt: Immediately being – yeah. Within 24 hours you were on another plane.
Lauren: Yeah. Well, it took Matt a little longer.
Matt: Actually flying. It took Lali and I a little longer, yes.
Lauren: Yeah it was, it was a rough travel experience for you. But I made it to San Antonio and, and Sponsor Games was – I don't want to say the polar opposite, but Sponsor Games is a, is a three day –
Matt: I think polar opposite is okay.
Lauren: Yeah, yeah.
Matt: In a good way.
Lauren: But like not – not in a negative way. That’s what I mean.
Matt: In a good way, yes.
Lauren: Polar opposite, but not in a negative way.
Matt: Yeah.
Lauren: Just in a – this is like, literally a 50 person, including sponsors and vendors and everything, and Justin's team. This event is put on by Justin Moore. And –
Matt: Creator Wizard.
Lauren: Creator Wizard, author of Sponsor Magnet.
Matt: That's right.
Lauren: And this is a very, very like concentrated intensive workshop. It's a super interactive workshop. It all takes place in one room. There's no, like, breakout spots or anything like that. It's not like, you know, London Book Fair is this big, sprawling over the course of four show floors and –
Matt: Yeah.
Lauren: – and smaller rooms and everything. Sponsor Games is like, super concentrated, tailored specifically to this group of content entrepreneurs to help them learn how to pitch themselves for sponsorship deals.
Matt: Yeah, to secure brand deals and sponsorship deals from, from other – yeah. So it is very much tailored and curated, like you said. So I do think it's the polar opposite of London Book Fair.
Lauren: Yes.
Matt: But, but again in a good way.
Lauren: Yeah.
[7:29] - Reflecting on Both Events
Lauren: But it was just, I mean, going to these events back to back, it was, it was just very, like, eye opening of like, wow. Seeing how differently people approach the idea of publishing a book, the idea of working with brands or vendors or partners in any way. The questions that we would get from authors at London Book Fair versus the questions that we would get from creators at Sponsor Games. It was really interesting to kind of see that juxtaposition. And there were more than one instance throughout that where I was like, man, I wish I could put this person in touch with this person. And they could –
Matt: Yeah.
Lauren: – help each other out here.
Matt: It's also a very stark juxtaposition between how people treat their brands –
Lauren: Yes.
Matt: – and their content.
Lauren: Yes.
Matt: We often will go from a publishing event to a creator event, fairly regularly.
Lauren: Yes.
Matt: But because the turnaround was so tight this time, I think that's what made us go like, huh. Like these are so vastly different. Normally we've got a few weeks in between each event. We've already settled down from the last one. You go into the new one, you know, fresh eyes again. You've kind of already forgotten about the last event you were at and you're focusing on this one. We came into this one... They were so tightly, you know, conjoined in terms of time. Even though they spread across vast amounts of space, like going from London to San Antonio, Texas, you know.
Lauren: Which was a very cool city.
Matt: Multiple time zones.
Lauren: I did like San Antonio.
Matt: Anyways. So, yeah, it was just a lot more, I think, obvious to us this time. Yeah. Some of the things that we're going to talk about and so, you know, those are things like, what do we think authors could learn from creators and content entrepreneurs and, and vice versa? And what does that look like when somebody is kind of in, I guess, that Venn diagram middle section. Like as a creator, as an author, what happens when, you know, the two worlds align like just perfectly? Like what is the, the outcome there? What's the desired results? What does that look like and what could you expect from that?
Lauren: You're so determined to not use my Hannah Montana reference and say the best of both worlds. But don't worry, I'll do it. Happy 20th anniversary Hannah Montana.
Matt: Guilty as charged.
Lauren: But I do also, I kind of want to pull this in before we dive into –
Matt: Yeah.
Lauren: – the episode topic itself. Because as I was, I actually came across this article from Publishers Weekly as I was looking for the info on how many people attended London Book Fair. And Publishers Weekly had done a little write up on it, I'll link it in the show notes, but there were some some interesting things in here that I wanted to point out. If you're listening to this or a couple of our other recent episodes, and still questioning the relevancy of this to you as an indie author, or you as a content entrepreneur, or whatever. First of all, I did want to, you know, kind of remind everybody I love an event like Sponsor Games, where it is a small fifty person event, hundred person event, whatever. I love that kind of like intimate, tailored, personalized setting for events. I mean, I also love London Book Fair or ComicCon or BookCon or something like that. But –
Matt: Yeah, sorry, I was ordering lunch.
Lauren: It's – oh my God, am I missing the lunch order?
Matt: No, no, no. We're sorting it out, don't worry.
Lauren: Okay, great.
Matt: I agree. For me, I will say I used to be terrified of these smaller events where you’re in one room, it's curated. You know, there's typically less than sixty, seventy, seventy, sixty people, whatever, it doesn’t matter. Because as an introvert, like –
Lauren: Oh yeah.
Matt: – that forces you to kind of be a much more active participant in the event. And I'm, I like to kind of hang back and just get the feel of it and then, you know, try to add value where I can, without being like – But I will say that the way that Justin and his team curated and, and, executed this event was a much different experience and much more enjoyable, and it really made you want to step in and be an active participant in that, so.
Lauren: I just think there's something really nice about the like, you kind of get to know everybody. And like, everyone gets to know you. And it's like you can actually take the time to answer somebody's question, like specifically. If someone's coming up to you –
Matt: Yeah.
Lauren: – and is asking like, how would books work for me? Like, you can actually be like, okay, like, let's take a step back, what's – tell me about your content channel. Let's talk more about your goals for that. Whatever. You can spend more time with people.
Matt: Yeah, that's the fun part of our job.
Lauren: Yes.
Matt: Sorry, I didn't mean to –
Lauren: Which – no, no, no, I – I'm glad you did. Because, you know, I’ve also like, sang the praises of how much I loved Momentum, Lou Mongello’s event, which is very similar.
Matt: Yeah.
Lauren: Fifty person –
Matt: Yup.
Lauren: Single room, multi-day event. But there is still a lot of value in these, like, massive industry –
Matt: 100%
Lauren: – events.
Matt: It's just a different kind of value.
Lauren: Yes. And one of the things that, that Publishers Weekly pointed out in here is, London Book Fair “primarily serves as a venue for the rights trade for English language books, and is a bellwether of what the world wants to read.” So I think that's really, really important for people that are invested in publishing in any way, whether it's traditional or indie. If you are an author who is actively putting out books, or a creator who is trying to find the right type of book to put out in the world, you have to be paying attention to these events. I'm not saying you have to attend them, but you have to be paying attention to the news and insights and announcements that come out of events like this, because it's really letting you know what's trending in the industry right now. Which brings me to my second quote from here, which is very relevant to the episode that we just put out... I think it was two weeks ago at this point, about indie publishers or indie authors securing more traditional publishing deals.
Matt: Yeah.
Lauren: This is a direct quote from Jake Bauman, who is the SVP for Literary Development at Sony Pictures Entertainment. Because remember in that episode we talked about how it's all media corporations that own the publishing companies, so they have a vested interest in this. He said, “the conversation feels more fragmented, fan-driven IP and books coming out of the self-publishing pipeline remain a major focal point, while upmarket commercial book club fiction continues to be the dominant lane agents are pitching.” That's really important. It's really important to know that this is what pne of the VPs at Sony Pictures Entertainment is saying.
Matt: Yeah, it’s, it’s –
Lauren: The self-publishing pipeline is important.
Matt: Well, it's also a stark contrast between the two. So when you look at the media world, they're looking at the self-publishing pipeline, indie published content, which includes creators and people who operate in the creator economy. On the flip side of that, you have the literary agents who work on behalf, you know, of of the big five publishing houses. And from a literary standpoint, you know, books being published, they're looking elsewhere. They're looking at that whole sort of book club segment. And those are typically your, your best sellers and a lot of the more top name authors. So that's a pretty stark juxtaposition.
Lauren: Yes.
Matt: Between the two industries and what types of content they're looking for and where acquisitions are being made.
Lauren: Yes.
Matt: Yeah.
Lauren: Which is then also why this conversation is so important and why it is so important for us to say like, hey, if you are an author listening to this and you are in any way struggling with like, you know, I, I heard your episode or I'm listening to, to you guys talk about things like traditional publishing deals or leveling up my books or reaching new audiences or whatever, but I'm having a hard time doing that. Because you can learn from creators and how they're approaching things.
Matt: Yeah.
Lauren: And how that translates to you.
[15:52] - What Authors Can Learn From Creators
Lauren: So for the subject of what authors can learn from creators. Number one most important thing is how to treat your content as a business.
Matt: Yes. Yeah.
Lauren: Absolutely.
Matt: Yeah. I think where content creators, content entrepreneurs and just, you know, people who identify as creators in general, where they get it right is that is sort of the core function of what they perform on a daily basis. It's not creating the content. That's actually a smaller portion of what they do. It's, it's the promotion of that content. It's the monetization of that content, and it's the treating that content like a business so that they can rinse and repeat and grow whatever it is they're trying to build, whether it's a brand or something like that, and whether it's for the purposes of, you know, something long term that they hold on to or something they want to build an exit from. They're treating it like a business, you’re right, absolutely.
Lauren: I think that there's... I mean the, the question that I got asked the most, I should have kept the tally, honestly. But the number one question that I got asked at London Book Fair by authors coming up to our booth was –
Matt: Where's the bathroom?
Lauren: No, that was an easy one because it was right down the aisle from us. No, it was: does Lulu offer marketing services? And everybody wanted – that was, that was the hot topic. And it has I mean, it has been for years. The report that we did last year, the Books and Business Insights Report that we did last year, the top challenge that the respondents reported facing – regardless of what their income level was, or time invested, how they're approaching, whatever – the top challenge was marketing. And I'm pretty sure our 2023 report that we did with the Tilt also had very similar results.
Matt: It's always going to be that.
Lauren: It's always going. It's always going to be that. It is, absolutely –
Matt: Cause here's a secret. And don't come at me in the comments – or you can, I don't care. If, if you're a publishing-related business, you don't do marketing well. Right?
Lauren: Yes.
Matt: I don't care who you are. I don't care if you're Penguin Random House or Tor or some other cool sub-imprint of a bigger imprint, or a hybrid publisher. If, if, if you're making claims about being an expert marketing team or – it's just not true, it's not right. It's – you're either super good at publishing or you're super good at marketing. You're not super good at both. Most... it'd be very rare to find one. So that is almost always a problem.
Lauren: Yeah. And, and that was that was a point, that – I had this conversation several times with people. Where, you know, we were kind of going back and forth and they would be like, well, first of all, I don't understand, like, why can't I find any self-publishing company that offers marketing services as part of their like, like suite of solutions? And I was like, you're never going to. You're never going to –
Matt: Well you'll find them, but they suck.
Lauren: But they – or they won't be, they won't be valuable, or you're going to have to pay.
Matt: That’s right.
Lauren: Like you're definitely never going to find them that it's a free part of their services. But then we, you know, we'd go back and forth on this for a little bit and then the, the person would be like, well, so you're saying that I have to go traditional publishing if I want to do the marketing for me? And I would say no, because they're not going to do it for you either. They will do some. They will provide more marketing support than a self-publishing or, or indie publishing service will.
Matt: Yes.
Lauren: But, you are still – as the author, most authors that are traditionally published in any capacity are doing some marketing on their own too.
Matt: Well, they're hiring freelance marketers –
Lauren: Yes.
Matt: – or publicists or people to help them, which I think is the right way to do it.
Lauren: Absolutely. Absolutely. But it's not – there is no, there's no – anywhere, there's nothing anywhere that is doing 100% of the marketing for your book as an author.
Matt: And if they are or claim that they are, they're not doing it well.
Lauren: No. I wouldn't trust them.
Matt: Yeah.
Lauren: And I definitely wouldn’t pay them.
Matt: I mean, we're marketers that work for a publishing company.
Lauren: Yes.
Matt: But I mean, we still don’t offer marketing services. Like the core of what we do is publishing technology. It's about getting books into the hands of readers, period. And, you know, primarily through direct sales channels and things like that, but. You know, marketing is better left to marketers, not publishing companies or, or publishers who claim to have a marketing department that will – Like just go find a good marketer. And by the way, if you go outside of the publishing ecosystem to find marketing help, whether that's, you know, a freelancer or an agency or otherwise. You're probably going to get some cooler out-of-the-box types of, of marketing tactics being deployed on your titles. Which are ultimately probably going to lead to better book sales and more discoverability. So I would always go outside of the publishing ecosystem if you can. But again, back to, to the the topic here, that is the number one thing that creators and content entrepreneurs get right, is they treat their content as, as a product. It's the business. It's it's – so, you know, the business of getting that product monetized to create long-term growth. So, I just think that there's a there's a lot that authors can learn there. And sort of bridging that gap is not easy. But the more that you immerse yourself as an author in that, that sort of creator and creator marketing world, and better understand what they do, I think the better off you'll, you'll be able to support your own efforts.
Lauren: Absolutely, 100%. And that's, you know, I guess, I guess one thing I really kind of left out of this topic is how. How people can go about doing these things. So if, if you are listening to this and this is resonating and you're like, wow, yeah, I that's – I would like to add some, some fresh marketing perspective. Go find a content marketing event. Go find – whether it's an in-person event or like an online, like a virtual workshop or a webinar or something. Find something related to... like an introduction to content marketing. And start there.
Matt: Yeah. And to be clear, you know, try to find something that is very much focused on content marketing.
Lauren: Yes.
Matt: And not just, you know, don't go and immediately sign up to the largest general marketing event you can find. Those are oftentimes worthless as well. They're big pitch fests for big brands. But go find a smaller content marketing event. Maybe start with one that's virtual and online. I mean, we love in-person events. I think there's no denying the value of those. But if this is your first time, you know, potentially attending or participating in a content marketing event, maybe find a virtual one. There's plenty of them out there that are, that are pretty good. So that would give you a better idea. And then maybe branch out and find yourself an in-person one. There's a lot of those out there as well. You know, we've talked about Momentum, which is Lou Mongello’s. That's a great one. There are several others. And I know of a few more that'll be popping up next year that are in the works. So, you know, just, just look for those.
Lauren: I think there's definitely a rise of like, smaller, focused events.
Matt: Yeah.
Lauren: Like, I think that's something that we're really seeing more and more of, whether they're in-person or online. And I absolutely, you know – and we've done whole episodes on how much we like in-person events. And I'm never going to knock an in-person event. But if, if you're just like, you know, feeling out this space and seeing like, okay, is this, is this the right direction? Like, can I actually get value from some kind of like content marketing education here? Start, start small with something that's not a physical commitment that you have to travel to.
Matt: Yeah. The next thing I think that, that authors could really learn from creators or that creators do really well, that authors sometimes or oftentimes don't – or just don't really know to focus on – is building your brand. And so a lot of authors tend to focus and go from title to title.
Lauren: Yes.
Matt: And what they don't put enough emphasis on, or spend enough time doing, is building their brand as an author or a creator, as somebody who creates content. And I think that's where creators often get it right in building their brand. Whether that's them as a, as an individual and that's your brand, or you actually create a brand. But either way, building that, and that brand association, so that people come to recognize that whatever comes from this brand, whether that's a person or entity, they can trust that it's quality, that it’s something they're going to enjoy, that it's worth spending their money on.
Matt: So creators do that really well.
Lauren: We talk about the idea a lot of... like, the instant buy, like things that we're fans of that we don't need to know – whether it's an author or a music artist or whatever. Whatever it is, I don't care. I feel like that's always the goal for any kind of creator. And I think that's something that content entrepreneurs and content creators are really good at. Like, I'm going to follow you... There are people that I've – I think I told you about this, Jeff Sieh and Katie Fawkes just launched a new live video podcast that they're doing every Friday. Like, it's The Makers Table, I think. And it's literally just the two of them. Jeff whittles and Katie's crocheting, and they talk while they're doing it. I'm there. I love it. I – because I like these two people a lot and I like their content and I find value in their content and I'm down for following them on like, whatever new journey they're going on, because I'm curious to see where it goes and how that unfolds. And when you have like a loyal audience, when you are a creator that has built this loyal audience, you can get them to follow you on that journey.
Matt: Sure.
Lauren: And I think that authors can definitely benefit from that too, because that's the goal, right? You want to have the kind of base of readers that whatever new book you’re, you're going to put out, they're going to come and buy it from you.
Matt: Yeah, yeah. We have an author, Katie Cross, that works with us, that she's done a really good job of building her brand. And so, you know, when she travels, you know, sometimes... An example. She had to come to the area where we're located, our headquarters in the Durham area, for a wedding. But, you know, she can and many times, just put out there like, hey, I'm going to be in the city. Are there any fans, people that want to meet up and, you know, get together and, you know, talk books or whatever? And, and oftentimes, most times she has a lot of takers. And again, it's when you build that direct connection with your, with your fans, with your audience, with your customer base, and you really do a good job of building your brand so that people come to recognize it. You can do things like that and you can monetize in a number of different ways. And, you're going to see the long... probably the long term benefits of what you're doing. You're going to realize those a lot faster than somebody who's not, so.
[27:08] - What Creators Can Learn From Authors
Lauren: So this isn't in any way, shape, or form an opportunity for us to just knock on authors for an hour.
Matt: No, not at all.
Lauren: Because they're, you know, what you may have noticed from the intro or the title is that we are very much saying that these are things or there are things that these two audiences can learn from each other. So there's definitely plenty that creators can and should learn from authors as well.
Matt: Well, and both of us have a very high regard and respect for authors in general. And their craft –
Lauren: Of course.
Matt: – and what they do. As avid readers and book nerds, like, absolutely we're not knocking authors at all. And in fact, we, we do a lot of this because we want to elevate –
Lauren: Yes.
Matt: – most of the authors that are out there that, that, you know, are struggling with some of these things. So. As you just said, though, there is a flip side of this coin, and we think there are things that, you know, again, on the heels of, the heels of these two events, there are things that we think creators could learn from authors that authors do really well.
Lauren: Yeah.
Matt: One of them is what I just mentioned, and that is the actual craft of writing. Like, you know, there, there’re just – there's a very clear difference between somebody who, who knows how to write really well, enjoys it, knows the craft, understands how to put together a good story or narrative. And when you can do that, the actual content doesn't even matter.
Lauren: Yup.
Matt: Like, if you can craft content properly, if you can write a good story or a good narrative, if you know the elements... What the actual content – you could be selling me, you know, a 1955 Ford that has no wheels on it. You know, half the engine is missing, no exhaust, and the paint's peeling off. But if you wrote a really good story and narrative around it, I'll probably buy it, I’ll at least come look at it. Like. So, you know, understanding craft. Like the, the, the, the whole concept of, of properly outlining and writing content and then editing it. And the difference between, you know, writing an actual book versus short and long form content for digital and social media outlets and things like that. Like understanding the craft, I think, is, is a big, important part.
Lauren: Absolutely it is, because I do think that, that's you know, probably the number one pushback that we get from creators when we're talking about the idea of using a book for their content or their brand –
Matt: Yeah.
Lauren: – is the, you know, the people that are saying, well, I mean, yeah, I understand the value and I think that's a good idea, but I'm not much of a writer. All right, homie, a bunch of people that are writers aren't much of a writer either.
Matt: That's true.
Lauren: They had to learn. They had to develop their craft. They had to do – I went to grad school for creative writing. Like.
Matt: Yeah.
Lauren: That is something that you have to actually, like, learn how to do and how to, how to work at. And if you are somebody who understands the value of this, but you recognize, like, yeah, you know, all of my content creation so far has been short form video content. And yes, I write scripts for these short form videos, but writing a script for a three to five minute video is nowhere close to writing a full length book. Like, yes.
Matt: Agree.
Lauren: You're not wrong about that. And even if you are going the route of taking your existing content and, and organizing it into a book, that's still – like you still need to understand the craft of how to do that.
Matt: Yeah.
Lauren: And the way to learn how to do that is to go learn from authors, because they have perfected that already.
Matt: It's what they do all day, every day.
Lauren: That is, that is, in fact, exactly what they do. So I think that's hugely valuable. And kind of on the heels of that, and to go along with that, then, is the storytelling that goes with it. And whether that's storytelling within the content of your book or storytelling as part of your overall brand narrative.
Matt: Yeah. And specifically for creators, you know, understanding how storytelling is actually a marketing tactic –
Lauren: Absolutely.
Matt: – it should be the core of your marketing. And on a side note, I was just looking at – so, another event we’ll be attending soon is put on by the IBPA. It's called Publishing University. They announced their keynote speaker, maybe a week ago. It's Donald Miller. Donald Miller writes the, the StoryBrand, sort of, series of books. It's – they're basically marketing books though. And it's all about, you know, using story and storytelling and narrative to, to market and sell. It's a perfect overlap.
Lauren: Yup.
Matt: You've got a publishing conference here, once again, who the keynote speaker is an author that actually writes about using storytelling and narrative to market and sell things. So, you know, there's clear overlap here. But again, creators understanding craft and then now also understanding how to use storytelling as your marketing, you know, the core of, of your marketing. Like, like I said, if you can, if you can craft a really good story, if you can write a really good story or a really good narrative around whatever it is... like, you've won already. Like, you're going to suck in some readers, you're going to pull in some interested parties, and you know, without it you're not. But I think some of the best nonfiction content that I've read – fiction, obvious – but nonfiction content I've read always starts with some sort of, you know, either personal anecdote or just a really good element of a story that kind of – it draws you in. Even though it's nonfiction. Like, you just get this really comfortable sort of feeling when you start reading this content. So, I couldn't, I couldn't agree more. I think that if more creators were able to craft really good story and narrative around their content, or the, the concept of something, a product or brand or whatever it is they're doing, they would find success faster as well.
Lauren: Yeah, I will drop a link in the show notes, if you want to learn more about that event.
Matt: I think something else that, that authors tend to do really well, when they are able to, to sort of execute on it, is connecting with their audience. And so a lot of actually achieve this without trying too hard. Oftentimes what happens is a community will spin up around an author, sometimes unbeknownst to the author initially, but nonetheless, once it is known, authors are typically really good at connecting with their fans and their readers and things like that. It's – this is – this doesn't mean that the creators aren't good at building an audience, but there's a difference between building an audience, right? That, that will potentially purchase content from you or participate. And being connected with that audience.
Lauren: Yes.
Matt: And participating with that audience and really being a part of that community, versus just facilitating something. And I think that's really cool.
Lauren: Yeah. I think that's... Because obviously, I mean, we just talked about this in saying what authors can learn from creators, creators are very often good at building that audience and building a fan base of people that are fans of their brand and not of a specific piece of content of theirs. And that's what authors need to be doing more of. But I do think that for a lot of creators, they find themselves kind of stagnating at a certain point within that. Where they're like okay, I've got, I've got my audience. Like, I've got these people that follow me on social media, but I'm having a hard time mobilizing them, or I'm having a hard time getting them to convert from Instagram followers to email subscribers, or getting them to buy my content or join my paid community over here. Or whatever. And I think that for a lot of creators that find themselves stuck at that level... go check out what authors are doing. Go find out, like – authors are getting people to, like, their street teams to promote their book for them for free. How are they doing that? Go figure that out. Go learn from them. Go see what they're doing. Worst case scenario, you get some new ideas for how to try building up those audience connections. They can't hurt.
Matt: Yeah.
Lauren: But I think it's always... I mean, the same thing that we said kind of throughout this episode. It's, it's never a bad idea to just step outside of your area of expertise and see what other people are doing in, like, the next industry over.
Matt: Yeah.
Lauren: Or a tangentially related industry and just see, like. So, fresh perspective, fresh eyes. What are people doing here? How can I relate that back to what I am trying to do?
Matt: Yeah.
Lauren: And I think that the people that we see having the most success in both of these fields are the people that are doing that and taking the best of both worlds.
Matt: Yeah.
[36:26] - Learning from an Author Doing it Right
Matt: I think when we talk about where all this meets in the middle again, that that part of the Venn diagram where there's overlap and that's, that's usually where your, your, your success happens. Your sweet spot. That's where, you know, all of these things are working together harmoniously to, to help you sort of grow. When we talk about people who have done a really good job with that. You know, on the author side we mentioned Katie Cross. Katie's done a fantastic job of all of these things. You know, on the author side, obviously no shortage of being able to generate really good stories, really good series in a couple of different genres. She's a prolific and avid writer. And has built a really good, solid fan base. But also part of her success was that she's utilized a lot of these things that we talk about that are typically found more on the creator side, or people who are really doing more of the marketing and sales stuff related to growing a business. And she has put a lot of that in place over the years. She's spent a lot of time, a lot of trial and error, and she has devoted a lot of her time to trying to teach other authors how to do it, oftentimes for free. You know, she, she speaks at a lot of author conferences, or has in the past, on how to do some of these things. She's very open with, you know, her experiments. Where they've failed, where they've been successful. So, you know, if you're looking for a great example, on the author side, of somebody who has, you know, squarely landed in the middle of that Venn diagram and is clearly, you know, got a good grasp on how to combine all of these different tactics and the best of both of these worlds. Somebody who could move freely, if she wanted to, from London Book Fair to, you know, Sponsor Games or you know, CEX or another creator event, over to DragonCon and then back – like, she would have no problem moving in any of those circles.
Lauren: Oh yeah. Not just –
Matt: Because she's commanded a really good grasp of all of those tactics and all the ways that she would put those things together to build this, this brand that she has around her name as an author or creator at this point.
Lauren: I mean, yeah, not only could she easily find relevancy in attending those and connecting with the other attendees there, but she could probably give a speaking session at every single –
Matt: Absolutely.
Lauren: – one of those events.
Matt: Yeah, that's my point.
Lauren: That would be relevant to the people there.
Matt: Anybody can –
Lauren: Yes.
Matt: – go and show up and attend these events.
Lauren: Sure.
Matt: Yeah. But she could absolutely get on a stage at any one of these events and talk about what she's done. And it'd be relevant to everybody in that audience.
Lauren: Yeah.
Matt: For any of those events. Period.
Lauren: Yeah.
Matt: Yeah. I mean, she's done sponsorships for her stuff. She has secured brand deals. She has secured, you know, other types of publishing deals. On the flip side of that, she's pretty much indie published everything that she's done. Successfully. She's got a great direct sales channel.
Lauren: Yeah.
Matt: Where she establishes connections.
Lauren: Fantastic examples of, of using direct sales –
Matt: Yeah.
Lauren: – to build your audience to like, tailor and customize that, custom – oh my God – to customize that customer journey and that experience, where it's very clear – I'll link her website in the show notes, definitely go check that out if you're curious about any of this. Because it's really, like, it's very well branded. It's very well designed. She has a clear like, if you're here about this book series, go here. If you're interested in this book series, go here. She's, she's very, very like, specific and intentional with –
Matt: Yeah.
Lauren: – everything that she does. And it's because she treats her writing business as a business.
Matt: Yeah, absolutely. And to that end, by the way, you know, we talk a lot about, you know, all these things that you should do. You know, having a website or a storefront and all these other things. You know, again, in terms of treating it like a business, she recognizes the value and when, when you can afford to pay an expert to do it for you. Just like we said earlier, if you're in that author world and you're not great at marketing and sales. And you've already tried, you know, working with a publisher to get your stuff marketed and they failed, which they normally will. Go find a freelance marketing, you know, consultant or an agency or somebody or – she has paid somebody at this point to build up her website and her Shopify storefronts so that it does have that very professional feeling. So that it does, you know... the user experience is very much cohesive across all of the different, you know, genres and books that she writes. And so, treat it like a business. Invest the money and the time, when and where you can, as you continue to grow along the way.
Lauren: I do also want to point out within that, that if you're reluctant to pay for marketing services because you're like well, that's just, like, a never-ending money pit, I'm just going to be throwing money into that forever. Absolutely not, if you're doing it correctly. If you're hiring the right kind of agency or freelancer –
Matt: Or if they're doing it correctly.
Lauren: If they’re doing it correctly.
Matt: Yeah.
Lauren: Yes. Because it should run itself after a while. If your marketing is done well, it should continue to build on itself without you having to pay somebody to do it –
Matt: And there’s –
Lauren: – if they’ve set it up correctly.
Matt: Well, but there's also always a quantifiable return on your spend.
Lauren: True.
Matt: You know, almost every bit of, of, especially performance or digital marketing, but in general, almost every form of marketing – Now, events gets a little murky. It's sometimes hard to track. But, you know, if you're paying a marketer to do stuff for you, typically they're doing digital stuff. It's, you know, paid ads and social media stuff. That is all quantifiable, trackable, you – there's a return on your spend. If that return on your spend is 200% or higher, it doesn't matter what you pay them, because you're making double back. So who cares what it costs. It's working. So yeah, keep doing it. The flip side of that is, like you said, like... If it's not working, you're going to know. So stop spending that money. Tell them to figure it out, or go find a different marketer to work with, or a different agency to work with, or something like that. But marketing doesn't have to be this scary, unknown void of like, oh, I'm just throwing dollars into this well, and I'm not seeing any – it should not be.
Lauren: Right.
Matt: Most of the marketing that you would be doing, you should very much be able to see in black and white the return on what you're spending.
Lauren: Yes. And it's also, it should build on itself in the sense of like – Of course. – if you are, you know, if you're building the audience base now, if you are investing in paid marketing to build this audience base now, and then you're continuing to funnel content to that audience to develop those relationships with that audience. Then by this time next year, maybe you don't have to pay to market your next book to that audience. Because they are loyal enough at that point –
Matt: That's right.
Lauren: – that they're going to buy it from you without the paid marketing.
Matt: That's right.
Lauren: So you're, you're paying to establish your, your marketing setup and then building on it from there. Maybe with tapered –
Matt: Yeah.
Lauren: – investment.
Matt: Yep. Yeah.
Lauren: For sure. And also before we move on to the next example, I do want to point out that Katie is a fiction author. So if you're listening to this –
Matt: Yeah.
Lauren: – and you like well, it's all, it's always the nonfiction, it's always the business people or the entrepreneurs or whoever. No no, Katie is doing all this as a fiction author.
[43:48] - Learning from a Creator Doing it Right
Matt: On the nonfiction side – or on the creator side, I should say, not nonfiction necessarily, but. On the creator side we worked with someone recently or, you know, fairly recently. His name is Austin Church. And he basically... his whole sort of business, what he does is he educates other freelancers on how to charge more money, how to make more money as a freelancer. Whether you're a freelance graphic artist or a freelance writer or freelance, you know, some sort of consultant or designer. Austin has become, you know, one of the leading sort of, I think, experts in how to operate as a freelancer, get paid what you need to get paid to lead the life that you want to lead. But what Austin does really well, you know, not just on that creator side with the business stuff, but in keeping with the spirit of what we're talking about. Austin's style of writing, you would think that he has a fiction background. Like, he understands the craft in and out, like he's just an extremely talented writer. And the way that he writes – almost every long form piece of content he puts onto LinkedIn, even short form, for that matter. And his book that that was, you know, an amazing book. There's so much story and narrative built in, like, it's just easy to read anything that, that Austin writes. His LinkedIn posts are great, his newsletters are great. They always start with some sort of, again, a personal anecdote or story or something funny or self-deprecating, you know, with him or his kids or his family or just anything in general. But they're always entertaining. And he's almost always, if not always, able to tie it back in to some sort of marketing or sales concept that helps people further themselves in their business, in their brand. So he just does a really good job of bringing in, like we talked about those those elements, you know, that are most closely associated with the craft of fiction writing, you know, and this idea of weaving storytelling into actual marketing and sales copy.
Lauren: I think there's a really underappreciated value in that. I am subscribe to Austin's newsletter. I am not a freelancer. I don't think 95% of his content is relevant to me in terms of like professionally, what I have any interest in doing, but I open and read that newsletter every Friday.
Matt: Yeah, I never thought about that.
Lauren: The fact that I know it comes out on Fridays. I read his newsletter every Friday morning when it shows up in my inbox.
Matt: That's, that's actually a testament to what I just said. Because –
Lauren: Yes.
Matt: – I've never thought about that either. I'm probably the farthest thing from a freelancer, but I read every single one of his newsletters… Yes. Yeah. And quite frankly –
Lauren: Because he’s such a good writer that I want – like, I read them. For fun.
Matt: – some of this stuff actually, I don't think is is just for freelance people. There are things that he has written about where beyond the, you know, the, the entertainment value of reading something that he's written. It just makes you feel good. It makes you want to keep reading. There are concepts that I've, you know, pulled out of there. That doesn't matter if you're a freelancer or you're, you know, C-suite as a marketer at a publishing company.
Lauren: Yeah.
Matt: Like, they're relatable, there's value there. So again, I think that is a testament to, to the, the craft and the ability to, to use story really well.
Lauren: I think there's also, the value in having people that are invested in your brand or content, especially if they're not related to it. Like – cause I can understand people maybe hearing that and going, okay, well like, why do I care if people are engaging with my content, but like, they're not going to buy my course or my products or whatever? There are, there are plenty of people that I'm a fan of their work without it being relevant to me, that I'm basically just sitting here waiting for them to put out something that is relevant to me. And the second they do, I'm going to buy it, or I'm going to subscribe to it –
Matt: I’ll actually –
Lauren: – or I'm actually going to participate in it, because I want to support them.
Matt: I'll actually do one better.
Lauren: Okay.
Matt: The reason why you should care, potentially, is because while yes, I do find value at times in what he's written as a non-freelance operator, also understanding that a lot of the content is geared towards freelancers. What I will say is, you know, it would be easy to say well, this isn't relevant to me, I'm not going to keep reading newsletters. But they are so entertaining, they do draw you in. And any time I'm in a room and there's freelancers in the room...
Lauren: Yes.
Matt: Do – who am I recommending to them? There's only one person.
Lauren: Yep.
Matt: Austin Church. So yeah, you might go, well, again, what do I care if people are, are reading my newsletters or my content regularly, but they might not be able to partake in the services I'm offering. You should care because they have a mouth. Word of mouth is applicable in almost every in any scenario, whether they've paid for your services or not. If they find value in who you are as a creator, as an author, and what you do, chances are they know somebody that could benefit from your content. And you will be the first one, or the first name that comes out of their mouth, if you're able to establish that kind of a connection with them.
Lauren: I was just telling somebody this at Sponsor Games, when we were there. That last year at CEX Justin was walking around handing out copies of his book to people. And loudly handing out – like he was like, we were in a big, like, open atrium and you could hear him throughout the whole room giving out copies of his book to people, for free. And three months later, when I was at Momentum, somebody asked a question in the room about sponsorships. And before I could even open my mouth, three other people in the room that had all been at CEX, said you gotta check out this guy Justin and his book Sponsor, Sponsor Magnet. And that is where it becomes relevant, because even if none of them – and I don't know if any of them had, were interested in sponsorships or read his book, or were looking at it or whatever. But immediately passed on that recommendation. And I watched that happen in real time.
Matt: Yeah.
Lauren: And was like, wow, that's fun. Great.
Matt: Yeah.
Lauren: So absolutely relevant and absolutely cool to see it happen. We love to see it happen. Would love to see it happen more, you know?
Matt: Well, I mean, I think we will.
Lauren: I think so too.
[50:34] - Episode Wrap Up
Matt: There's a lot more author and creator events on our schedule for this year, so.
Lauren: Can't wait.
Matt: And I don't see that changing any time soon.
Lauren: So you're not totally burnt out on travel?
Matt: Or I'm burnt out on travel.
Lauren: Okay.
Matt: 100%. But –
Lauren: And, and when are you going to Universal?
Matt: In three days. Yeah. I'm burnt out on travel. Doesn't mean I get to stop traveling. It doesn't mean we get to stop doing events. I mean, that's a big part of what we do, and I wouldn't have it any other way.
Lauren: I mean, you already know this, but I literally on the flight home from San Antonio, booked a flight to Orlando. Because I said, if I'm going to keep traveling, I might as well get some Disney time in there. So, same. But the travel, it's still fun. What was your, what was your favorite thing we did in London?
Matt: That's a hard one because this year I didn't really do anything –
Lauren: Yeah.
Matt: – outside of the trade show, the book fair. Normally we’re there a little longer, or we, we plan more activities outside of it. But I think this year specifically, my favorite thing about London would probably have to be... And this is kind of a cringe response, but. We drastically changed our booth approach, and our messaging, and our positioning in the market. And so this was the first time we were able to roll that out, and see how it resonated with people. And as a marketing nerd, which I don't talk about very often, that was actually really cool to see. And, and see how that played out in real time. So yeah, I guess this year that would have been my, my favorite thing. Was just really seeing how people reacted to, to our presence this year versus previous years.
Lauren: That's fair.
Matt: So.
Lauren: That's okay.
Matt: Yeah.
Lauren: Well, I'm sure London will, will still be there next year.
Matt: Well that's – Yeah, I hope so.
Lauren: What about Texas?
Matt: Oh, I have to say my favorite part about Sponsor Games this year – cause we were there last year.
Lauren: Well you were there last year.
Matt: That's right. The royal we as, as Lulu.
Lauren: Right.
Matt: This year there was a couple of things. One, I absolutely requested that if we were coming in as a sponsor again this time, that I wanted the Lulu logo branded on the foam of every latte that came off that barista cart in the back of the room. And Justin absolutely made that happen. So that was really cool to see.
Lauren: It was really cool.
Matt: And obviously, not obviously, some of the best coffee lattes I had had in a long time. So shout out to, to Justin and whoever the coffee people were that he hired. But –
Lauren: Shout out to Sara for putting that together too.
Matt: There you go. Yep. Sara Loretta as well. The other really cool thing this year was Justin and Sara had arranged for all of us to have dinner one night on a boat that goes down the little canals there and on the Riverwalk in San Antonio. So we had three or four boats and we all ate dinner having boat rides and a, kind of a tour of that Riverwalk downtown San Antonio area. And that was really super cool. I wasn't sure if I would like that or not.
Lauren: Yeah.
Matt: But it ended up being a highlight of that event.
Lauren: I agree, that was absolutely my favorite.
Matt: It was also a great way to come out outside of my my comfort zone there and, you know, talk to other people on our boat. So yeah –
Lauren: I know, I was –
Matt: – that was really cool.
Lauren: I was very impressed that you stayed.
Matt: I wasn't sure if I was going to or not.
Lauren: I know, I know. But no, I agree that was absolutely my favorite part, because it was a really – it was a cool way to get to see San Antonio. It was a cool experience. I was sat at a table with a lovely group of people that I got to have some really nice conversations with, and our tour guide was really funny.
Matt: Yeah. Yeah.
Lauren: So, gave us a nice little, like, Jungle Cruise light experience.
Matt: I was going to say he was, he was probably one level away from being a good Jungle Cruise operator.
Lauren: It’s okay.
Matt: If he wanted to be, I think he could do it.
Lauren: We'll help him out with that.
Matt: Run that Jungle Cruise.
Lauren: Absolutely. Alright.
Matt: Anything else you want to talk about? I want to go eat lunch.
Lauren: I do too.
Matt: I’m starving.
Lauren: Do you think it’s here yet?
Matt: I don't know.
Lauren: Let's go find out.
Matt: Yeah.
Lauren: Alright. Well, thanks for listening. Thanks for traveling with us. Whether it was physically or metaphorically. If there's anyone listening that we met over the course of our two weeks of travels there, thanks for listening. Thanks for joining us. And if you have never traveled anywhere with us or met us anywhere, maybe you should. Maybe you should check out some in-person events.
Matt: Go check out our, our new events page –
Lauren: Yeah.
Matt: – that we launched on our website.
Lauren: I’ll link that in the show notes –
Matt: Yeah.
Lauren: – and you can see where we'll be at later this year and see if maybe any of them are the thing that you need to help you out with your author or content creator journey.
Matt: Yep.
Lauren: Yep.
Matt: Alright. Like and subscribe. Do all the things. Give us a review, please.
Lauren: Please.
Matt: Yeah, we're still sitting at the same amount we've had for like a year.
Lauren: I know.
Matt: I don’t know if that's good or bad.
Lauren: I don't know. That's a good question. I do know that Apple is rolling out video on Apple Podcasts and so we are going to be introducing that soon on Apple Podcasts and Spotify. Cool. So if anyone has any thoughts on that, let us know in reviews.
Matt: Alright.
Lauren: And until then, we'll be back next week with another new episode.
Matt: Later.
Your Free Lulu Account
Create a Lulu Account today to print and publish your book for readers all around the world
Hello! I’m one of the developers for GIMP. If you use GIMP, you might be familiar with my work adding
support for Seattle Filmworks photos,
along with other, less important features and fixes.
We like to emphasize that GIMP is made by the community. That’s why we try to spotlight areas of interests
by our developers, designers, and artists - such as Bruno Lopes’ work on
Snap packaging, Fredrik Persson’s art for the
GIMP 3.0 splash screen and
interviews with Mitch,
Michael,
Simon, and
Øyvind. Today, I’ll add to
this illustrious group by sharing a bit about my own area of interest that I’ll be focusing on for the next
version of GIMP!
The first big project I worked on when I started contributing to GIMP was related to color models.
Images can be stored and represented in lots of different ways. The most common mode for many people is RGB, where each color
is made up of a combination of red, green, and blue values. You can also represent colors with a single color component, often in
Grayscale. Another frequently seen mode is indexed, where you limit the total number of colors to a specific
palette (this model is often used in games and pixel art).
GIMP has supported all three of these color modes for many years. However, there have been constant user requests for
including another well-known color model. Unfortunately, no one had ever stepped up to work on it - until now!
I am proud to announce that I will be focused on implementing the long awaited…
That’s right! At last, GIMP will allow you to easily create images compatible with IBM’s
Enhanced Graphics Adapter.
You’ll be able to define up to 16 different colors to use with your image from the palette of 64 approved colors.
It’ll also be optimized to show high-quality images at a jaw-dropping maximum resolution of 640 × 350!
It should be noted that GIMP has had an EGA palette
built in for years, so a “late-binding” EGA workflow where you converted before export was already possible.
My work will enable an “early-binding” workflow where you can edit and create in EGA color mode right from the start.
While this feature is still in early development, here’s an example of before and after converting a RGB image to EGA Color Mode.
In-progress EGA color mode menu option (image by Charles Swank, CC0)RGB Image after being converted to EGA color mode (original image by Charles Swank, CC0)
Note that these are still work-in-progress UX - the actual interactions and GUI elements may change during development.
Once the initial version has been built, tested, and merged, I have plans for further expansions such as adding a
CGA-compatible mode. I also hope that the final code submission
will serve as a guide for other developers to add more long-requested color models to GIMP, such as a
1-bit mode and even the highly compressible 0-bit color mode!
I’m looking forward to sharing more updates on this exciting new feature once we start the next phase of development for
GIMP 3.4. I hope you all will try it out when it’s added in our development builds, and I look forward to your feedback!
In a complaint filed at a Nashville federal court in 2023, Universal Music, Sony Music, EMI and others, accused X Corp of ‘breeding’ mass copyright infringement.
The social media company allegedly failed to respond adequately to takedown notices and lacked a proper termination policy.
The National Music Publishers Association (NMPA), for example, claimed it had sent over 300,000 formal infringement notices, many of which didn’t lead to immediate removals.
“Twitter routinely ignores known repeat infringers and known infringements, refusing to take simple steps that are available to Twitter to stop these specific instances of infringement of which it is aware,” the music companies alleged.
X Won the First Battle
In 2024, X scored a partial win when the court dismissed the music publishers’ direct and vicarious copyright infringement claims, and partially dismissed claims of contributory infringement.
The court concluded that X can’t be held liable for making it ‘very easy’ to upload infringing material or for monetizing pirated content. Those characteristics are not exclusive to infringing material and apply to legitimate content.
While this was a partial win for X, most of the contributory infringement claim remained intact, and the lawsuit was allowed to move forward on those grounds.
Among other things, the music companies argued that X is liable because it willingly turned a blind eye to pirating users, especially those who have a blue checkmark. However, according to a new filing by X this week, new legal developments warrant a full dismissal now.
Cox Sets the New Standard
Last Friday, X informed the Tennessee federal court about the Supreme Court decision in Cox v. Sony, which was decided in favor of the ISP last week. This ruling also concerns a ‘repeat infringer’ case, and it sets a clear standard for contributory copyright infringement.
Under the Supreme Court’s new standard, a service provider can only be held contributorily liable if it intended its service to be used for infringement. That intent can be shown in just two ways: the provider actively induced copyright infringement through specific acts, or the service has no substantial non-infringing uses. Nothing else qualifies.
X argues that the music publishers’ surviving claim fails both tests. Social media is clearly capable of substantial non-infringing uses, and the publishers never alleged that X took specific steps to actively encourage infringement.
The social media platform argues that, under the new Cox precedent, the contributory infringement claim fails as a matter of law and the entire case should be dismissed.
“F the DMCA”
To stress that there is a high bar for these infringement claims, X directly references some of the most damning evidence in the Cox case, which was not enough to establish liability.
“Cox even expressed contempt for copyright law, writing emails with comments like ‘F the DMCA.’ Despite these facts, the Supreme Court had no trouble reversing the jury’s contributory-infringement verdict, because such facts were not ‘evidence of express promotion, marketing, and intent to promote infringement,” X notes in its filing.
The comparison is somewhat ironic, as Elon Musk himself once publicly described the DMCA as a “plague on humanity”, which the music publishers cited in their original complaint as evidence of a hostile attitude toward copyright.
While controversial, these statements don’t appear to matter for a contributory infringement claim, as they don’t actively induce copyright infringement. Therefore, X believes that the present case should be dismissed.
“If the Supreme Court had issued this opinion three years ago, X believes this Court would have dismissed Plaintiffs’ contributory-infringement claim in its entirety. Indeed, virtually every contributory-infringement case Plaintiffs cited in opposing X’s motion to dismiss – including the Fourth Circuit case on which this Court relied – is no longer good law,” X writes.
Millions at Stake
X is not simply flagging the Supreme Court ruling for the record. The social media platform asks Judge Trauger for a status conference before both sides spend millions more on a case that may have already been rendered pointless.
There are various motions pending while the case is heading to summary judgment, and X asks the court to reconsider whether the new Cox precedent warrants a more streamlined process.
“If the Court would prefer to address these issues at summary judgment, X is prepared to do so. But both sides are now poised to spend millions of dollars in fees and expert expenses in the coming months on issues that Cox makes irrelevant as a matter of law,” X writes.
X says that it plans to move for judgment on the pleadings, or alternatively, it will ask the court to reconsider its earlier motion to dismiss ruling in light of new legal reality. For now, X is proposing a hearing to find the most efficient path forward.
Whatever the court decides, the legal standoff between X and the music industry will be far from over. Earlier this year, Elon Musk’s company filed a landmark antitrust complaint against the NMPA, Sony, Universal, and other major music publishers, alleging that they “weaponized” the DMCA to force licensing deals.
—
—
A copy of X’s notice, filed earlier this week at the U.S. District Court for the Middle District of Tennessee, is available here (pdf).
Update: The music companies filed a response in court, agreeing to stay the matter temporarily, until the court decides how to move forward (pdf).
From: TF, for the latest news on copyright battles, piracy and more.
In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.
The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.
Or, as one member of the team put it: “The package is a pile of shit.”
For years, reviewers said, Microsoft had tried and failed to fully explain how it protects sensitive information in the cloud as it hops from server to server across the digital terrain. Given that and other unknowns, government experts couldn’t vouch for the technology’s security.
Such judgments would be damning for any company seeking to sell its wares to the U.S. government, but it should have been particularly devastating for Microsoft. The tech giant’s products had been at the heart of two major cybersecurity attacks against the U.S. in three years. In one, Russian hackers exploited a weakness to steal sensitive data from a number of federal agencies, including the National Nuclear Security Administration. In the other, Chinese hackers infiltrated the email accounts of a Cabinet member and other senior government officials.
The federal government could be further exposed if it couldn’t verify the cybersecurity of Microsoft’s Government Community Cloud High, a suite of cloud-based services intended to safeguard some of the nation’s most sensitive information.
Yet, in a highly unusual move that still reverberates across Washington, the Federal Risk and Authorization Management Program, or FedRAMP, authorized the product anyway, bestowing what amounts to the federal government’s cybersecurity seal of approval. FedRAMP’s ruling — which included a kind of “buyer beware” notice to any federal agency considering GCC High — helped Microsoft expand a government business empire worth billions of dollars.
“BOOM SHAKA LAKA,” Richard Wakeman, one of the company’s chief security architects, boasted in an online forum, celebrating the milestone with a meme of Leonardo DiCaprio in “The Wolf of Wall Street.” Wakeman did not respond to requests for comment.
It was not the type of outcome that federal policymakers envisioned a decade and a half ago when they embraced the cloud revolution and created FedRAMP to help safeguard the government’s cybersecurity. The program’s layers of review, which included an assessment by outside experts, were supposed to ensure that service providers like Microsoft could be entrusted with the government’s secrets. But ProPublica’s investigation — drawn from internal FedRAMP memos, logs, emails, meeting minutes, and interviews with seven former and current government employees and contractors — found breakdowns at every juncture of that process. It also found a remarkable deference to Microsoft, even as the company’s products and practices were central to two of the most damaging cyberattacks ever carried out against the government.
FedRAMP first raised questions about GCC High’s security in 2020 and asked Microsoft to provide detailed diagrams explaining its encryption practices. But when the company produced what FedRAMP considered to be only partial information in fits and starts, program officials did not reject Microsoft’s application. Instead, they repeatedly pulled punches and allowed the review to drag out for the better part of five years. And because federal agencies were allowed to deploy the product during the review, GCC High spread across the government as well as the defense industry. By late 2024, FedRAMP reviewers concluded that they had little choice but to authorize the technology — not because their questions had been answered or their review was complete, but largely on the grounds that Microsoft’s product was already being used across Washington.
Today, key parts of the federal government, including the Justice and Energy departments, and the defense sector rely on this technology to protect highly sensitive information that, if leaked, “could be expected to have a severe or catastrophic adverse effect” on operations, assets and individuals, the government has said.
“This is not a happy story in terms of the security of the U.S.,” said Tony Sager, who spent more than three decades as a computer scientist at the National Security Agency and now is an executive at the nonprofit Center for Internet Security.
For years, the FedRAMP process has been equated with actual security, Sager said. ProPublica’s findings, he said, shatter that facade.
“This is not security,” he said. “This is security theater.”
ProPublica is exposing the government’s reservations about this popular product for the first time. We are also revealing Microsoft’s yearslong inability to provide the encryption documentation and evidence the federal reviewers sought.
The revelations come as the Justice Department ramps up scrutiny of the government’s technology contractors. In December, the department announced the indictment of a former employee of Accenture who allegedly misled federal agencies about the security of the company’s cloud platform and its compliance with FedRAMP’s standards. She has pleaded not guilty. Accenture, which was not charged with wrongdoing, has said that it “proactively brought this matter to the government’s attention” and that it is “dedicated to operating with the highest ethical standards.”
Microsoft has also faced questions about its disclosures to the government. As ProPublica reported last year, the company failed to inform the Defense Department about its use of China-based engineers to maintain the government’s cloud systems, despite Pentagon rules stipulating that “No Foreign persons may have” access to its most sensitive data. The department is investigating the practice, which officials say could have compromised national security.
Microsoft has defended its program as “tightly monitored and supplemented by layers of security mitigations,” but after ProPublica’s story published last July, the company announced that it would stop using China-based engineers for Defense Department work.
In response to written questions for this story and in an interview, Microsoft acknowledged the yearslong confrontation with FedRAMP but also said it provided “comprehensive documentation” throughout the review process and “remediated findings where possible.”
“We stand by our products and the comprehensive steps we’ve taken to ensure all FedRAMP-authorized products meet the security and compliance requirements necessary,” a spokesperson said in a statement, adding that the company would “continue to work with FedRAMP to continuously review and evaluate our services for continued compliance.”
The program was an early target of the Trump administration’s Department of Government Efficiency, which slashed its staff and budget. Even FedRAMP acknowledges it is operating “with an absolute minimum of support staff” and “limited customer service.” The roughly two dozen employees who remain are “entirely focused on” delivering authorizations at a record pace, FedRAMP’s director has said. Today, its annual budget is just $10 million, its lowest in a decade, even as it has boasted record numbers of new authorizations for cloud products.
The consequence of all this, people who have worked for FedRAMP told ProPublica, is that the program now is little more than a rubber stamp for industry. The implications of such a downsizing for federal cybersecurity are far-reaching, especially as the administration encourages agencies to adopt cloud-based artificial intelligence tools, which draw upon reams of sensitive information.
The General Services Administration, which houses FedRAMP, defended the program, saying it has undergone “significant reforms to strengthen governance” since GCC High arrived in 2020. “FedRAMP’s role is to assess if cloud services have provided sufficient information and materials to be adequate for agency use, and the program today operates with strengthened oversight and accountability mechanisms to do exactly that,” a GSA spokesperson said in an emailed statement.
The agency did not respond to written questions regarding GCC High.
A “Cloud First” World
About two decades ago, federal officials predicted that the cloud revolution, providing on-demand access to shared computing via the internet, would usher in an era of cheaper, more secure and more efficient information technology.
Moving to the cloud meant shifting away from on-premises servers owned and operated by the government to those in massive data centers maintained by tech companies. Some agency leaders were reluctant to relinquish control, while others couldn’t wait to.
In an effort to accelerate the transition, the Obama administration issued its “Cloud First” policy in 2011, requiring all agencies to implement cloud-based tools “whenever a secure, reliable, cost-effective” option existed. To facilitate adoption, the administration created FedRAMP, whose job was to ensure the security of those tools.
FedRAMP’s “do once, use many times” system was intended to streamline and strengthen the government procurement process. Previously, each agency using a cloud service vetted it separately, sometimes applying different interpretations of federal security requirements. Under the new program, agencies would be able to skip redundant security reviews because FedRAMP authorization indicated that the product had already met standardized requirements. Authorized products would be listed on a government website known as the FedRAMP Marketplace.
On paper, the program was an exercise in efficiency. But in practice, the small FedRAMP team could not keep up with the flood of demand from tech companies that wanted their products authorized.
The slow approval process frustrated both the tech industry, eager for a share in the billions of federal dollars up for grabs, and government agencies that were under pressure to migrate to the cloud. These dynamics sometimes pitted the cloud industry and agency officials together against FedRAMP. The backlog also prompted many agencies to take an alternative path: performing their own reviews of the products they wanted to adopt, using FedRAMP’s standards.
It was through this “agency path” that GCC High entered the federal bloodstream, with the Justice Department paving the way. Initially, some Justice officials were nervous about the cloud and who might have access to its information, which includes highly sensitive court and law enforcement records, a Justice Department official involved in the decision told ProPublica. The department’s cybersecurity program required it to ensure that only U.S. citizens “access or assist in the development, operation, management, or maintenance” of its IT systems, unless a waiver was granted. Justice’s IT specialists recommended pursuing GCC High, believing it could meet the elevated security needs, according to the official, who spoke on condition of anonymity because they were not authorized to discuss internal matters.
Pursuant to FedRAMP’s rules, Microsoft had GCC High evaluated by a so-called third-party assessment organization, which is supposed to provide an independent review of whether the product has met federal standards. The Justice Department then performed its own evaluation of GCC High using those standards and ruled the offering acceptable.
By early 2020, Melinda Rogers, Justice’s deputy chief information officer, made the decision official and soon deployed GCC High across the department.
It was a milestone for all involved. Rogers had ushered the Justice Department into the cloud, and Microsoft had gained a significant foothold in the cutthroat market for the federal government’s cloud computing business.
Moreover, Rogers’ decision placed GCC High on the FedRAMP Marketplace, the government’s influential online clearinghouse of all the cloud providers that are under review or already authorized. Its mere mention as “in process” was a boon for Microsoft, amounting to free advertising on a website used by organizations seeking to purchase cloud services bearing what is widely seen as the government’s cybersecurity seal of approval.
That April, GCC High landed at FedRAMP’s office for review, the final stop on its bureaucratic journey to full authorization.
Microsoft’s Missing Information
In theory, there shouldn’t have been much for FedRAMP’s team to do after the third-party assessor and Justice reviewed GCC High, because all parties were supposed to be following the same requirements.
But it was around this time that the Government Accountability Office, which investigates federal programs, discovered breakdowns in the process, finding that agency reviews sometimes were lacking in quality. Despite missing details, FedRAMP went on to authorize many of these packages. Acknowledging these shortcomings, FedRAMP began to take a harder look at new packages, a former reviewer said.
This was the environment in which Microsoft’s GCC High application entered the pipeline. The name GCC High was an umbrella covering many services and features within Office 365 that all needed to be reviewed. FedRAMP reviewers quickly noticed key material was missing.
The team homed in on what it viewed as a fundamental document called a “data flow diagram,” former members told ProPublica. The illustration is supposed to show how data travels from Point A to Point B — and, more importantly, how it’s protected as it hops from server to server. FedRAMP requires data to be encrypted while in transit to ensure that sensitive materials are protected even if they’re intercepted by hackers.
But when the FedRAMP team asked Microsoft to produce the diagrams showing how such encryption would happen for each service in GCC High, the company balked, saying the request was too challenging. So the reviewers suggested starting with just Exchange Online, the popular email platform.
“This was our litmus test to say, ‘This isn’t the only thing that’s required, but if you’re not doing this, we are not even close yet,’” said one reviewer who spoke on condition of anonymity because they were not authorized to discuss internal matters. Once they reached the appropriate level of detail, they would move from Exchange to other services within GCC High.
It was the kind of detail that other major cloud providers such as Amazon and Google routinely provided, members of the FedRAMP team told ProPublica. Yet Microsoft took months to respond. When it did, the former reviewer said, it submitted a white paper that discussed GCC High’s encryption strategy but left out the details of where on the journey data actually becomes encrypted and decrypted — so FedRAMP couldn’t assess that it was being done properly.
A Microsoft spokesperson acknowledged that the company had “articulated a challenge related to illustrating the volume of information being requested in diagram form” but “found alternate ways to share that information.”
Rogers, who was hired by Microsoft in 2025, declined to be interviewed. In response to emailed questions, the company provided a statement saying that she “stands by the rigorous evaluation that contributed to” her authorization of GCC High. A spokesperson said there was “absolutely no connection” between her hiring and the decisions in the GCC High process, and that she and the company complied with “all rules, regulations, and ethical standards.”
The Justice Department declined to respond to written questions from ProPublica.
A Fight Over “Spaghetti Pies”
As 2020 came to a close, a national security crisis hit Washington that underscored the consequences of cyber weakness. Russian state-sponsored hackers had been quietly working their way through federal computer systems for much of the year and vacuuming up sensitive data and emails from U.S. agencies — including the Justice Department.
At the time, most of the blame fell on a Texas-based company called SolarWinds, whose software provided hackers their initial opening and whose name became synonymous with the attack. But, as ProPublica has reported, the Russians leveraged that opening to exploit a long-standing weakness in a Microsoft product — one that the company had refused to fix for years, despite repeated warnings from one of its engineers. Microsoft has defended its decision not to address the flaw, saying that it received “multiple reviews” and that the company weighs a variety of factors when making security decisions.
In the aftermath, the Biden administration took steps to bolster the nation’s cybersecurity. Among them, the Justice Department announced a cyber-fraud initiative in 2021 to crack down on companies and individuals that “put U.S. information or systems at risk by knowingly providing deficient cybersecurity products or services, knowingly misrepresenting their cybersecurity practices or protocols, or knowingly violating obligations to monitor and report cybersecurity incidents and breaches.”
Deputy Attorney General Lisa Monaco said the department would use the False Claims Act to pursue government contractors “when they fail to follow required cybersecurity standards — because we know that puts all of us at risk.”
But if Microsoft felt any pressure from the SolarWinds attack or from the Justice Department’s announcement, it didn’t manifest in the FedRAMP talks, according to former members of the FedRAMP team.
The discourse between FedRAMP and Microsoft fell into a pattern. The parties would meet. Months would go by. Microsoft would return with a response that FedRAMP deemed incomplete or irrelevant. To bolster the chances of getting the information it wanted, the FedRAMP team provided Microsoft with a template, describing the level of detail it expected. But the diagrams Microsoft returned never met those expectations.
“We never got past Exchange,” one former reviewer said. “We never got that level of detail. We had no visibility inside.”
In an interview with ProPublica, John Bergin, the Microsoft official who became the government’s main contact, acknowledged the prolonged back-and-forth but blamed FedRAMP, equating its requests for diagrams to a “rock fetching exercise.”
“We were maybe incompetent in how we drew drawings because there was no standard to draw them to,” he said. “Did we not do it exactly how they wanted? Absolutely. There was always something missing because there was no standard.”
A Microsoft spokesperson said without such a standard, “cloud providers were left to interpret the level of abstraction and representation on their own,” creating “inconsistency and confusion, not an unwillingness to be transparent.”
But even Microsoft’s own engineers had struggled over the years to map the architecture of its products, according to two people involved in building cloud services used by federal customers. At issue, according to people familiar with Microsoft’s technology, was the decades-old code of its legacy software, which the company used in building its cloud services.
One FedRAMP reviewer compared it to a “pile of spaghetti pies.” The data’s path from Point A to Point B, the person said, was like traveling from Washington to New York with detours by bus, ferry and airplane rather than just taking a quick ride on Amtrak. And each one of those detours represents an opportunity for a hijacking if the data isn’t properly encrypted.
Other major cloud providers such as Amazon and Google built their systems from the ground up, said Sager, the former NSA computer scientist, who worked with all three companies during his time in government.
Microsoft’s system is “not designed for this kind of isolation of ‘secure’ from ‘not secure,’” Sager said.
A Microsoft spokesperson acknowledged the company faces a unique challenge but maintained that its cloud products meet federal security requirements.
“Unlike providers that started later with a narrower product scope, Microsoft operates one of the broadest enterprise and government platforms in the world, supporting continuity for millions of customers while simultaneously modernizing at scale,” the spokesperson said in emailed responses. “That complexity is not ‘spaghetti,’ but it does mean the work of disentangling, isolating, and hardening systems is continuous.”
The spokesperson said that since 2023, Microsoft has made “security‑first architectural redesign, legacy risk reduction, and stronger isolation guarantees a top, company‑wide priority.”
Assessors Back-Channel Cyber Concerns
The FedRAMP team was not the only party with reservations about GCC High. Microsoft’s third-party assessment organizations also expressed concerns.
The firms are supposed to be independent but are hired and paid by the company being assessed. Acknowledging the potential for conflicts of interest, FedRAMP has encouraged the assessment firms to confidentially back-channel to its reviewers any negative feedback that they were unwilling to bring directly to their clients or reflect in official reports.
In 2020, two third-party assessors hired by Microsoft, Coalfire and Kratos, did just that. They told FedRAMP that they were unable to get the full picture of GCC High, a former FedRAMP reviewer told ProPublica.
“Coalfire and Kratos both readily admitted that it was difficult to impossible to get the information required out of Microsoft to properly do a sufficient assessment,” the reviewer told ProPublica.
The back channel helped surface cybersecurity issues that otherwise might never have been known to the government, people who have worked with and for FedRAMP told ProPublica. At the same time, they acknowledged its existence undermined the very spirit and intent of having independent assessors.
A spokesperson for Coalfire, the firm that initially handled the GCC High assessment, requested written questions from ProPublica, then declined to respond.
A spokesperson for Kratos, which replaced Coalfire as the GCC High assessor, declined an interview request. In an emailed response to written questions, the spokesperson said the company stands by its official assessment and recommendation of GCC High and “absolutely refutes” that it “ever would sign off on a product we were unable to fully vet.” The company “has open and frank conversations” with all customers, including Microsoft, which “submitted all requisite diagrams to meet FedRAMP-defined requirements,” the spokesperson said.
Kratos said it “spent extensive time working collaboratively with FedRAMP in their review” and does not consider such discussions to be “backchanneling.”
FedRAMP, however, was dissatisfied with Kratos’ ongoing work and believed the firm “should be pushing back” on Microsoft more, the former reviewer said. It placed Kratos on a “corrective action plan,” which could eventually result in loss of accreditation. The company said it did not agree with FedRAMP’s action but provided “additional trainings for some internal assessors” in response to it.
The Microsoft spokesperson told ProPublica the company has “always been responsive to requests” from Kratos and FedRAMP. “We are not aware of any backchanneling, nor do we believe that backchanneling would have been necessary given our transparency and cooperation with auditor requests,” the spokesperson said.
In response to questions from ProPublica about the process, the GSA said in an email that FedRAMP’s system “does not create an inherent conflict of interest for professional auditors who meet ethical and contractual performance expectations.”
GSA did not respond to questions about back-channeling but said the “correct process” is for a third-party assessor to “state these problems formally in a finding during the security assessment so that the cloud service provider has an opportunity to fix the issue.”
FedRAMP Ends Talks
The back-and-forth between the FedRAMP reviewers and Microsoft’s team went on for years with little progress. Then, in the summer of 2023, the program’s interim director, Brian Conrad, got a call from the White House that would alter the course of the review.
Chinese state-sponsored hackers had infiltrated GCC, the lower-cost version of Microsoft’s government cloud, and stolen data and emails from the commerce secretary, the U.S. ambassador to China and other high-ranking government officials. In the aftermath, Chris DeRusha, the White House’s chief information security officer, wanted a briefing from FedRAMP, which had authorized GCC.
The decision predated Conrad’s tenure, but he told ProPublica that he left the conversation with several takeaways. First, FedRAMP must hold all cloud providers — including Microsoft — to the same standards. Second, he had the backing of the White House in standing firm. Finally, FedRAMP would feel the political heat if any cloud service with a FedRAMP authorization were hacked.
DeRusha confirmed Conrad’s account of the phone call but declined to comment further.
Within months, Conrad informed Microsoft that FedRAMP was ending the engagement on GCC High.
“After three years of collaboration with the Microsoft team, we still lack visibility into the security gaps because there are unknowns that Microsoft has failed to address,” Conrad wrote in an October 2023 email. This, he added, was not for FedRAMP’s lack of trying. Staffers had spent 480 hours of review time, had conducted 18 “technical deep dive” sessions and had numerous email exchanges with the company over the years. Yet they still lacked the data flow diagrams, crucial information “since visibility into the encryption status of all data flows and stores is so important,” he wrote.
If Microsoft still wanted FedRAMP authorization, Conrad wrote, it would need to start over.
A FedRAMP reviewer, explaining the decision to the Justice Department, said the team was “not asking for anything above and beyond what we’ve asked from every other” cloud service provider, according to meeting minutes reviewed by ProPublica. But the request was particularly justified in Microsoft’s case, the reviewer told the Justice officials, because “each time we’ve actually been able to get visibility into a black box, we’ve uncovered an issue.”
“We can’t even quantify the unknowns, which makes us very uncomfortable,” the reviewer said, according to the minutes.
Microsoft and the Justice Department Push Back
Microsoft was furious. Failing to obtain authorization and starting the process over would signal to the market that something was wrong with GCC High. Customers were already confused and concerned about the drawn-out review, which had become a hot topic in an online forum used by government and technology insiders. There, Wakeman, the Microsoft cybersecurity architect, deflected blame, saying the government had been “dragging their feet on it for years now.”
Meanwhile, to build support for Microsoft’s case, Bergin, the company’s point person for FedRAMP and a former Army official, reached out to government leaders, including one from the Justice Department.
The Justice official, who spoke on condition of anonymity because they were not authorized to discuss the matter, said Bergin complained that the delay was hampering Microsoft’s ability “to get this out into the market full sail.” Bergin then pushed the Justice Department to “throw around our weight” to help secure FedRAMP authorization, the official said.
That December, as the parties gathered to hash things out at GSA’s Washington headquarters, Justice did just that. Rogers, who by then had been promoted to the department’s chief information officer, sat beside Bergin — on the opposite side of the table from Conrad, the FedRAMP director.
Rogers and her Justice colleagues had a stake in the outcome. Since authorizing and deploying GCC High, she had receivedaccolades for her work modernizing the department’s IT and cybersecurity. But without FedRAMP’s stamp of approval, she would be the government official left holding the bag if GCC High were involved in a serious hack. At the same time, the Justice Department couldn’t easily back out of using GCC High because once a technology is widely deployed, pulling the plug can be costly and technically challenging. And from its perspective, the cloud was an improvement over the old government-run data centers.
Shortly after the meeting kicked off, Bergin interrupted a FedRAMP reviewer who had been presenting PowerPoint slides. He said the Justice Department and third-party assessor had already reviewed GCC High, according to meeting minutes. FedRAMP “should essentially just accept” their findings, he said.
Then, in a shock to the FedRAMP team, Rogers backed him up and went on to criticize FedRAMP’s work, according to two attendees.
In its statement, Microsoft said Rogers maintains that FedRAMP’s approach “was misguided and improperly dismissed the extensive evaluations performed by DOJ personnel.”
Bergin did not dispute the account, telling ProPublica that he had been trying to argue that it is the purview of third-party assessors such as Kratos — not FedRAMP — to evaluate the security of cloud products. And because FedRAMP must approve the third-party assessment firms, the program should have taken its issues up with Kratos.
“When you are the regulatory agency who determines who the auditors are and you refuse to accept your auditors’ answers, that’s not a ‘me’ problem,” Bergin told ProPublica.
The GSA did not respond to questions about the meeting. The Justice Department declined to comment.
Pressure Mounts on FedRAMP
If there was any doubt about the role of FedRAMP, the White House issued a memorandum in the summer of 2024 that outlined its views. FedRAMP, it said, “must be capable of conducting rigorous reviews” and requiring cloud providers to “rapidly mitigate weaknesses in their security architecture.” The office should “consistently assess and validate cloud providers’ complex architectures and encryption schemes.”
But by that point, GCC High had spread to other federal agencies, with the Justice Department’s authorization serving as a signal that the technology met federal standards.
It also spread to the defense sector, since the Pentagon required that cloud products used by its contractors meet FedRAMP standards. While it did not have FedRAMP authorization, Microsoft marketed GCC High as meeting the requirements, selling it to companies such as Boeing that research, develop and maintain military weapons systems.
But with the FedRAMP authorization up in the air, some contractors began to worry that by using GCC High, they were out of compliance. That could threaten their contracts, which, in turn, could impact Defense Department operations. Pentagon officials called FedRAMP to inquire about the authorization stalemate.
The Defense Department acknowledged but did not respond to written questions from ProPublica.
Rogers also kept pressing FedRAMP to “get this thing over the line,” former employees of the GSA and FedRAMP said. It was the “opinion of the staff and the contractors that she simply was not willing to put heat to Microsoft on this” and that the Justice Department “was too sympathetic to Microsoft’s claims,” Eric Mill, then GSA’s executive director for cloud strategy, told ProPublica.
Authorization Despite a “Damning” Assessment
In the summer of 2024, FedRAMP hired a new permanent director, government technology insider Pete Waterman. Within about a month of taking the job, he restarted the office’s review of GCC High with a new team, which put aside the debate over data flow diagrams and instead attempted to examine evidence from Microsoft. But these reviewers soon arrived at the same conclusion, with the team’s leader complaining about “getting stiff-armed” by Microsoft.
“He came back and said, ‘Yeah, this thing sucks,’” Mill recalled.
While the team was able to work through only two of the many services included in GCC High, Exchange Online and Teams, that was enough for it to identify “issues that are fundamental” to risk management, including “timely remediation of vulnerabilities and vulnerability scanning,” according to a summary of the team’s findings reviewed by ProPublica.
Those issues, as well as a lack of “proper detailed security documentation” from Microsoft, limit “visibility and understanding of the system” and “impair the ability to make informed risk decisions.”
The team concluded, “There is a lack of confidence in assessing the system’s overall security posture.”
A Microsoft spokesperson said in a statement that the company “never received this feedback in any of its communications with FedRAMP.”
When ProPublica read the findings to Bergin, the Microsoft liaison, he said he was surprised.
“That’s pretty damning,” Bergin said, adding that it sounded like language that “would’ve generally been associated with a finding of ‘not worthy.’ If an assessor wrote that, I would be nervous.”
Despite the findings, to the FedRAMP team, turning Microsoft down didn’t seem like an option. “Not issuing an authorization would impact multiple agencies that are already using GCC-H,” the summary document said. The team determined that it was a “better value” to issue an authorization with conditions for continued government oversight.
While authorizations with oversight conditions weren’t unusual, arriving at one under these circumstances was. GCC High reviewers saw problems everywhere, both in what they were able to evaluate and what they weren’t. To them, most of the package remained a vast wilderness of untold risk.
Nevertheless, FedRAMP and Microsoft reached an agreement, and the day after Christmas 2024, GCC High received its FedRAMP authorization. FedRAMP appended a cover report to the package laying out its deficiencies and noting it carried unknown risks, according to people familiar with the report.
It emphasized that agencies should carefully review the package and engage directly with Microsoft on any questions.
“Unknown Unknowns” Persist
Microsoft told ProPublica that it has met the conditions of the agreement and has “stayed within the performance metrics required by FedRAMP” to ensure that “risks are identified, tracked, remediated, and transparently communicated.”
But under the Trump administration, there aren’t many people left at FedRAMP to check.
While the Biden-era guidance said FedRAMP “must be an expert program that can analyze and validate the security claims” of cloud providers, the GSA told ProPublica that the program’s role is “not to determine if a cloud service is secure enough.” Rather, it is “to ensure agencies have sufficient information to make these risk decisions.”
The problem is that agencies often lack the staff and resources to do thorough reviews, which means the whole system is leaning on the claims of the cloud companies and the assessments of the third-party firms they pay to evaluate them. Under the current vision, critics say, FedRAMP has lost the plot.
“FedRAMP’s job is to watch the American people’s back when it comes to sharing their data with cloud companies,” said Mill, the former GSA official, who also co-authored the 2024 White House memo. “When there’s a security issue, the public doesn’t expect FedRAMP to say they’re just a paper-pusher.”
Meanwhile, at the Justice Department, officials are finding out what FedRAMP meant by the “unknown unknowns” in GCC High. Last year, for example, they discovered that Microsoft relied on China-based engineers to service their sensitive cloud systems despite the department’s prohibition against non-U.S. citizens assisting with IT maintenance.
Officials learned about this arrangement — which was also used in GCC High — not from FedRAMP or from Microsoft but from a ProPublica investigation into the practice, according to the Justice employee who spoke with us.
A Microsoft spokesperson acknowledged that the written security plan for GCC High that the company submitted to the Justice Department did not mention foreign engineers, though he said Microsoft did communicate that information to Justice officials before 2020. Nevertheless, Microsoft has since ended its use of China-based engineers in government systems.
Former and current government officials worry about what other risks may be lurking in GCC High and beyond.
The GSA told ProPublica that, in general, “if there is credible evidence that a cloud service provider has made materially false representations, that matter is then appropriately referred to investigative authorities.”
Ironically, the ultimate arbiter of whether cloud providers or their third-party assessors are living up to their claims is the Justice Department itself. The recent indictment of the former Accenture employee suggests it is willing to use this power. In a court document, the Justice Department alleges that the ex-employee made “false and misleading representations” about the cloud platform’s security to help the company “obtain and maintain lucrative federal contracts.” She is also accused of trying to “influence and obstruct” Accenture’s third-party assessors by hiding the product’s deficiencies and telling others to conceal the “true state of the system” during demonstrations, the department said. She has pleaded not guilty.
There is no public indication that such a case has been brought against Microsoft or anyone involved in the GCC High authorization. The Justice Department declined to comment. Monaco, the deputy attorney general who launched the department’s initiative to pursue cybersecurity fraud cases, did not respond to requests for comment.
She left her government position in January 2025. Microsoft hired her to become its president of global affairs.
A company spokesperson said Monaco’s hiring complied with “all rules, regulations, and ethical standards” and that she “does not work on any federal government contracts or have oversight over or involvement with any of our dealings with the federal government.”
Because South Dakota governor Larry Rhoden is forever obligated to serve Kristi Noem and Kristi Noem is forever obligated to serve Donald Trump, he and his GOP buddies are making America MAGA again, starting with his home turf.
Non-citizens have never really disrupted voting. But they’re the convenient scapegoat for a party that’s justifiably worried it’s going to lose its majority during the mid-terms. Multiple efforts are being made all over the nation to disenfranchise anyone that’s not part of Trump’s most rabid voting base. Pretending people not allowed to legally vote are somehow flipping elections for the Democratic Party is more than merely obnoxious. It’s actually harming the democratic process.
Here in South Dakota, two laws have been passed in recent weeks with the express purpose of keeping non-white people from showing up to vote. The first, passed at the beginning of this month, allows any rando to claim a person they saw voting shouldn’t be allowed to vote.
Voters in South Dakota will soon be able to challenge other voters’ citizenship.
Republican Gov. Larry Rhoden signed legislation into law last week that authorizes challenges by individuals and election officials.
[…]
State law already allows challenges to a voter’s registration up to the 90th day before an election, if a person is suspected of lacking South Dakota residency, voting in another state or being registered to vote in another state. The new law adds citizenship as a justification for a challenge.
Challenges may be filed by the South Dakota Secretary of State’s Office, the auditor in the county where the voter is registered, or a voter in the same county. The challenge must be in the form of a signed, sworn statement and must include what the law describes as “documented evidence.”
Now, we can all see what the law is. But we all know how it will be applied. State employees with access to voter rolls will raise challenges against anyone with a foreign-sounding last name. While it’s unlikely few citizens will actually file challenges, they’ll certainly feel comfortable accosting anyone standing in line to vote whose skin is darker than their own. Given the inevitability of these responses, it’s easy to see the law accomplishing exactly what it’s supposed to: limit the number of non-white voters at the polls during the mid-terms and beyond.
But that’s not the only suppression effort signed into law this month. There’s also this one, which raises the bar for participating in the democratic process with the obvious intention of limiting participation to the sort of voters the GOP thinks with vote for it:
New voters in South Dakota will have to prove that they are United States citizens in order to cast a ballot in state and local races under a bill signed on Thursday by Gov. Larry Rhoden.
The new law, which does not apply to South Dakotans already on the voter rolls, comes amid a national push by Republicans to tighten voting rules and root out voting by noncitizens, which is already illegal and believed to be rare.
“This bill ensures only citizens vote in state elections, keeping our elections safe and secure,” said Mr. Rhoden, who is seeking election to a full term this year and is facing a crowded Republican primary field.
It’s already illegal in South Dakota to vote if you’re not a citizen. This bill addresses a completely imaginary “problem.” And it forces voters to provide a passport, birth certificate, and other documents proving citizenship before they’re allowed to vote. While it may be easy for many people to present these documents, the simple fact is that they’ve never been asked to do this before, and anyone who’s not aware this law has been passed will be denied the opportunity to vote because the GOP decided to move the goalposts during an election year.
Non-citizens voting in South Dakota has never been an issue. The fact that 273 non-citizens were recently removed from the state’s voting rolls may seem a bit sketchy but there’s a good reason there might be a few hundred non-citizens with voter registrations:
Noncitizens can obtain a driver’s license or state ID if they are lawful permanent residents or have temporary legal status. There’s a part of the driver’s license form that allows an applicant to register to vote. That part says voters must be citizens.
The problem is that this is all on the same form. The voter registration part of the form has a signature line, which many applicants will fill out and sign even if their intention is only to get a drivers license or ID card, especially since it appears before the final signature block for the entire application.
If applicants are not asked to affirmatively state their intention to register to vote (as the Department of Public Safety employees ask now, along with asking applicants to write “vote” on the form to signal their affirmation), their applications might be processed, along with the voter registration applicants didn’t realize they enabling.
The Secretary of State’s office (the office that’s supposed to be reviewing voter registrations for eligibility) threw the Department of Public Safety under the bus:
Rachel Soulek, director of the Division of Elections in the Secretary of State’s Office, placed blame on the department in her response to South Dakota Searchlight questions about the situation.
“These non U.S. citizens had marked ‘no’ to the citizenship question on their driver’s license application but were incorrectly processed as U.S. citizens due to human error by the Department of Public Safety,” Soulek wrote.
That’s not what happened. Their ID applications were processed and the Soulek’s department failed to catch the inadvertent errors. And it doesn’t really even matter who’s at fault because despite the errors, this is still a non-issue.
Soulek said only one of the 273 noncitizens had ever cast a ballot. That was during the 2016 general election.
A handful of clerical errors that resulted in a single illegal vote in the past decade cannot be a rational basis for a new law. And there’s a good chance the sole vote was made in error, rather than maliciously. After all, if the state told this person they could vote, who were they to question that determination?
This is nothing more than state governments stepping up to do what Trump can’t. His SAVE Act is stalled and lots of last-minute gerrymandering at the behest of the president is tied up in court. His loyalists are doing what they can to make his perverted dreams a reality in states that are most likely to lean Republican in the first place, which makes all of this as pointless as it is stupid. But the underlying threat to democracy remains, ever propelled forward by the people who claim to love America the most.
Last week, the European Parliament voted to let a temporary exemption lapse that had allowed tech companies to scan their services for child sexual abuse material (CSAM) without running afoul of strict EU privacy regulations. Meanwhile, here in the US, West Virginia’s Attorney General continues to press forward with a lawsuit designed to force Apple to scan iCloud for CSAM, apparently oblivious to the fact that succeeding would hand defense attorneys the best gift they’ve ever received.
Two different jurisdictions. Two diametrically opposed approaches, both claiming to protect children, and both making it harder to actually do so.
I’ll be generous and assume people pushing both of these views genuinely think they’re doing what’s best for children. This is a genuinely complex topic with real, painful tradeoffs, and reasonable people can weigh them differently. What’s frustrating is watching policymakers on both sides of the Atlantic charge forward with approaches that seem driven more by vibes than by any serious engagement with how the current system actually works — or why it was built the way it was.
The European Parliament just voted against extending a temporary regulation that had exempted tech platforms from GDPR-style privacy rules when they voluntarily scanned for CSAM. This exemption had been in place (and repeatedly extended) for years while Parliament tried to negotiate a permanent framework. Those negotiations have been going on since November 2023 without resolution, and on Thursday MEPs decided they were done extending the stopgap.
To be clear, Parliament didn’t pass a law banning CSAM scanning. Companies can still technically scan if they want to. But without the exemption, they’re now exposed to massive privacy liability under EU law for doing so. Scanning private messages and stored content to look for CSAM is, after all, mass surveillance — and European privacy law treats mass surveillance seriously (which, in most cases, it should!). So the practical effect is a chilling one: companies that were voluntarily scanning now face significant legal risk if they continue.
The digital rights organization eDRI framed the issue in stark terms:
“This is actually just enabling big tech companies to scan all of our private messages, our most intimate details, all our private chats so it constitutes a really, really serious interference with our right to privacy. It’s not targeted against people that are suspected of child abuse — It’s just targeting everyone, potentially all of the time.”
And that argument is compelling. Hash-matching systems that compare uploaded images against databases of known CSAM are more targeted than, say, keyword scanning of every message, but they still fundamentally involve examining every unencrypted piece of content that passes through the system. When eDRI says it targets “everyone, potentially all of the time,” that’s an accurate description of how the technology works.
But… the technology also works to find and catch CSAM. Europol’s executive director, Catherine De Bolle, pointed to concrete numbers:
Last year alone, Europol processed around 1.1 million of so-called CyberTips, originating from the National Center for Missing & Exploited Children (NCMEC), of relevance to 24 European countries. CyberTips contain multiple entities (files, videos, photos etc.) supporting criminal investigation efforts into child sexual abuse online.
If the current legal basis for voluntary detection by online platforms were to be removed, this is expected to result in a serious reduction of CyberTip referrals. This would undermine the capability to detect relevant investigative leads on CSAM, which in turn will severely impair the EU’s security interests of identifying victims and safeguarding children.
The companies that have been doing this scanning — Google, Microsoft, Meta, Snapchat, TikTok — released a joint statement saying they are “deeply concerned” and warning that the lapse will leave “children across Europe and around the world with fewer protections than they had before.”
So the EU’s privacy advocates aren’t wrong about the surveillance problem. Europol isn’t wrong about the child safety consequences. Both things are true — which is what makes this genuinely tricky rather than a case of one side being obviously right.
Now flip to the United States, where the problem is precisely inverted.
In the US, the existing system has been carefully constructed around a single, critical principle: companies voluntarily choose to scan for CSAM, and when they find it, they’re legally required to report it to NCMEC. The word “voluntarily” is doing enormous load-bearing work in that sentence — and most of the people currently shouting about CSAM don’t seem to know it. As Stanford’s Riana Pfefferkorn explained in detail on Techdirt when a private class action lawsuit against Apple tried to compel CSAM scanning:
While the Fourth Amendment applies only to the government and not to private actors, the government can’t use a private actor to carry out a search it couldn’t constitutionally do itself. If the government compels or pressures a private actor to search, or the private actor searches primarily to serve the government’s interests rather than its own, then the private actor counts as a government agent for purposes of the search, which must then abide by the Fourth Amendment, otherwise the remedy is exclusion.
If the government – legislative, executive, or judiciary – forces a cloud storage provider to scan users’ files for CSAM, that makes the provider a government agent, meaning the scans require a warrant, which a cloud services company has no power to get, making those scans unconstitutional searches. Any CSAM they find (plus any other downstream evidence stemming from the initial unlawful scan) will probably get excluded, but it’s hard to convict people for CSAM without using the CSAM as evidence, making acquittals likelier. Which defeats the purpose of compelling the scans in the first place.
In the US, if the government forces Apple to scan, that makes Apple a government agent. Government agents need warrants. Apple can’t get warrants. So the scans are unconstitutional. So the evidence gets thrown out. So the predators walk free. All because someone thought “just make them scan!” was a simple solution to a complex problem.
Congress apparently understood this when it wrote the federal reporting statute — that’s why the law explicitly disclaims any requirement that providers proactively search for CSAM. The voluntariness of the scanning is what preserves its legal viability. Everyone involved in the actual work of combating CSAM — prosecutors, investigators, NCMEC, trust and safety teams — understands this and takes great care to preserve it.
Everyone, apparently, except the Attorney General of West Virginia. As we discussed recently, West Virginia just filed a lawsuit demanding that a court order Apple to “implement effective CSAM detection measures” on iCloud. The remedy West Virginia seeks — a court order compelling scanning — would spring the constitutional trap that everyone who actually works on this issue has been carefully avoiding for years.
As Pfefferkorn put it:
Any competent plaintiff’s counsel should have figured this out before filing a lawsuit asking a federal court to make Apple start scanning iCloud for CSAM, thereby making Apple a government agent, thereby turning the compelled iCloud scans into unconstitutional searches, thereby making it likelier for any iCloud user who gets caught to walk free, thereby shooting themselves in the foot, doing a disservice to their client, making the situation worse than the status quo, and causing a major setback in the fight for child safety online.
The reason nobody’s filed a lawsuit like this against Apple to date, despite years of complaints from left, right, and center about Apple’s ostensibly lackadaisical approach to CSAM detection in iCloud, isn’t because nobody’s thought of it before. It’s because they thought of it and they did their fucking legal research first. And then they backed away slowly from the computer, grateful to have narrowly avoided turning themselves into useful idiots for pedophiles.
The West Virginia complaint also treats Apple’s abandoned NeuralHash client-side scanning project as evidence that Apple could scan but simply chose not to. What it skips over is why the security community reacted so strongly to NeuralHash in the first place. Apple’s own director of user privacy and child safety laid out the problem:
Scanning every user’s privately stored iCloud content would in our estimation pose serious unintended consequences for our users… Scanning for one type of content, for instance, opens the door for bulk surveillance and could create a desire to search other encrypted messaging systems across content types (such as images, videos, text, or audio) and content categories. How can users be assured that a tool for one type of surveillance has not been reconfigured to surveil for other content such as political activity or religious persecution? Tools of mass surveillance have widespread negative implications for freedom of speech and, by extension, democracy as a whole.
Once you create infrastructure capable of scanning every user’s private content for one category of material, you’ve created infrastructure capable of scanning for anything. The pipe doesn’t care what flows through it. Governments around the world — some of them not exactly champions of human rights — have a well-documented habit of demanding expanded use of existing surveillance capabilities. This connects directly to the perennial fights over end-to-end encryption backdoors, where the same argument applies: you cannot build a door that only the good guys can walk through.
And then there’s the scale problem. Even the best hash-matching systems can produce false positives, and at the scale of major platforms, even tiny error rates translate into enormous numbers of wrongly flagged users.
This is one of those frustrating stories where you can… kinda see all sides, and there’s no easy or obvious answer:
Scanning works, at least somewhat. 1.1 million CyberTips from Europol in a single year. Some number of children identified and rescued because platforms voluntarily detected CSAM and reported it. The system produces real results.
Scanning is mass surveillance. Every image, every message gets examined (algorithmically), not just those belonging to suspected offenders. The privacy intrusion is real, not hypothetical, and it falls on everyone.
Compelled scanning breaks prosecutions. In the US, the Fourth Amendment means that government-ordered scanning creates a get-out-of-jail card for the very predators everyone claims to be targeting. The voluntariness of the system is what makes it legally functional.
Scanning infrastructure is repurposable. A system built to detect CSAM can be retooled to detect political speech, religious content, or anything else. This concern is not paranoid; it’s an engineering reality.
False positives at scale are inevitable. Even highly accurate systems will flag innocent content when processing billions of items, and the consequences for wrongly accused individuals are severe.
People can and will weigh these tradeoffs differently, and that’s legitimate. The tension described in all this is real and doesn’t resolve neatly.
But what both the EU Parliament’s vote and West Virginia’s lawsuit share is an unwillingness to sit with that tension. The EU stripped legal cover from the voluntary system that was actually producing results, without having a workable replacement ready. West Virginia is trying to compel what must remain voluntary, apparently without bothering to read the constitutional case law that makes compelled scanning self-defeating. From opposite directions, both approaches attack the same fragile voluntary architecture that currently threads the needle between these competing interests.
The status quo in the United States — voluntary scanning, mandatory reporting, no government compulsion to search — is far from perfect. But the system functions: it produces leads, preserves prosecutorial viability, and does so precisely because it was designed by people who understood the tradeoffs and built accordingly.
It would be nice if more policymakers engaged with why the system works the way it does before trying to blow it up from either direction. In tech policy, the loudest voices in the room are rarely the ones who’ve done the reading.
⚠️ Reminder: The Tor Browser Alpha release-channel is for testing only. As such, Tor Browser Alpha is not intended for general use because it is more likely to include bugs affecting usability, security, and privacy.
Moreover, Tor Browser Alphas are now based on Firefox's betas. Please read more about this important change in the Future of Tor Browser Alpha blog post.
If you are an at-risk user, require strong anonymity, or just want a reliably-working browser, please stick with the stable release channel.
Send us your feedback
If you find a bug or have a suggestion for how we could improve this release, please let us know.
Word salad is actually nutritious when consumed in small amounts.
Placebos are real, they’re effective and they often help us find solace or perhaps to heal. If they do no harm, there’s no problem. “Placebo” isn’t an insult. It’s a category, one to live up to and improve.
Here’s one to consider:
VAEL SOMAA Practitioner’s Introduction to Resonant Field Embodiment
Vael Soma is a somatic practice developed by Danish movement researcher Ingrid Falk-Mortensen and her collaborator, Ecuadorian bioenergetic therapist Marco Caicedo-Vera, following a decade of research conducted at the intersection of craniosacral dialogue, Andean kawsay (living energy) traditions, and decoherence studies in biological systems.
Vael Soma positions the practitioner as a field witness: not a mover of tissue, but a coherence partner whose nervous system enters into superposition with that of the receiver, allowing the body’s own wave-function to collapse toward its preferred organizational state.
The Theoretical Ground
At the sub-cellular level, the body is not a solid object. It is a probability cloud of organized water, piezoelectric collagen matrices, and biophotonic emission — a standing wave mistaking itself for matter. Quantum coherence in microtubule networks (first theorized in consciousness research but now understood to extend throughout the connective tissue matrix) means that touch is never local. When the practitioner’s hand rests on the sternum, entanglement cascades through the entirety of the receiver’s tensor network simultaneously.
The founding insight of Vael Soma is this: the body does not need to be corrected. It needs to be observed. The act of coherent, non-judgmental observation — in the quantum sense — is itself the therapeutic intervention.
The Tensor Web and the Luminous Sheath
Where conventional bodywork addresses muscle, organ, and bone as discrete structures, Vael Soma recognizes the interstitial plenum — the fluid-crystalline medium that fills every gap between every cell — as the primary therapeutic terrain. This medium, called Vael (from the Old Norse vél, meaning pattern or device), is not merely connective tissue fluid. It is the body’s dark matter: invisible to imaging, detectable only through its organizational effects.
Vael behaves as a biological quantum field. It carries:
Phase information from embryological development, encoding the original morphogenetic blueprint
Scalar wave residue from emotional imprinting, stored not in neurons but in the geometry of collagen triple-helices
Torsional memory from gravity, trauma, and the accumulated weight of unexpressed gesture
The practitioner’s role is to become a low-noise receiver for this information — a tuning fork whose coherence invites the Vael to release its stored phase distortions and re-entrain to the body’s original quantum signature.
The Five Movements of Vael Soma
Sessions are structured around five movement qualities, each corresponding to a distinct organizational level of living tissue:
The Drift — Practitioner and receiver breathe in temporal synchrony, allowing the autonomic nervous systems to phase-lock. No touch yet. Only proximity and breath.
The Still Point Dialogue — Hands rest without intention. The practitioner enters a state of proprioceptive listening, tracking the micro-oscillations (0.02–0.08 Hz) of the craniosacral rhythm as it expresses through palms, sternum, and sacrum simultaneously.
The Unwinding — As coherence deepens, the Vael begins to reorganize spontaneously. The receiver’s limbs may move without volition. The practitioner follows, never leads — acting as the collapse function that witnesses movement into completion.
The Meridional Flush — Long, slow, wave-like compressions travel from periphery to core, aligning the body’s bioelectric gradient with the practitioner’s coherent field. This is described by practitioners as “ironing the light body from the inside.”
The Return to Ground State — Stillness. Both parties remain in contact while the nervous system consolidates its new organizational state, like a quantum system that has been measured and is now, briefly, fully real.
Reported Effects
Vael Soma is not a treatment for conditions. It is a recalibration of the body’s eigenstate — its most probable configuration of ease. Practitioners and receivers report:
A sensation of “becoming larger than the body”
Resolution of chronic holding patterns with no memory of release
Spontaneous emotional discharge without narrative content
Improved sleep architecture within 72 hours, attributed to recohered melatonin-pineal biophotonic cycling
A persistent sense of being “correctly located in time”
A Note on Entanglement Ethics
Because Vael Soma works at the level of quantum coherence, practitioners are advised that residual entanglement between practitioner and receiver may persist for up to 96 hours post-session. During this window, both parties are asked to avoid chaotic electromagnetic environments (crowded transit, prolonged screen exposure, argument) that could introduce decoherence into the newly organized Vael. The practitioner is the instrument. The instrument requires tuning.
Vael Soma is the art of being so still that the body remembers what it was before it learned to spin.
Last month Walled Culture wrote about an important case at the Court of Justice of the European Union, (CJEU), the EU’s top court, that could determine how VPNs can be used in that region. Clarification in this area is particularly important because VPNs are currently under attack in various ways. For example, last year, the Danish government published draft legislation that many believed would make it illegal to use a VPN to access geoblocked streaming content or bypass restrictions on illegal websites. In the wake of a firestorm of criticism, Denmark’s Minister of Culture assured people that VPNs would not be banned. However, even though references to VPNs were removed from the text, the provisions are so broadly drafted that VPNs may well be affected anyway. Companies too are taking aim at VPNs. Leading the charge are those in France, which have been targeting VPN providers for over a year now. As TorrentFreak reported last February:
Canal+ and the football league LFP have requested court orders to compel NordVPN, ExpressVPN, ProtonVPN, and others to block access to pirate sites and services. The move follows similar orders obtained last year against DNS resolvers.
The VPN Trust Initiative (VTI) responded with a press release opposing what it called a “Misguided Legal Effort to Extend Website Blocking to VPNs”. It warned:
Such blocking can have sweeping consequences that might put the security and privacy of French citizens at risk.
Targeting VPNs opens the door to a dangerous censorship precedent, risking overreach into broader areas of content.
The VPN provider raised jurisdictional questions and also requested to see evidence that Canal+ owned all the rights at play. However, these concerns didn’t convince the court.
The same applies to Proton’s net neutrality defense, which argued that Article 333-10 of the French sports code, which is at the basis of all blocking orders, violates EU Open Internet Regulation. This defense was too vague, the court concluded, noting that Proton cited the regulation without specifying which provisions were actually breached.
ProtonVPN also argued that forcing a Swiss company to block sites for the French market is a restriction of cross-border trade in services, and that in any case, the blocking measures were “technically unrealizable, costly, and unnecessarily complex.” Despite this valiant defense, the court was unimpressed. At least ProtonVPN was allowed to contest the French court’s ruling. In a similar case in Spain, no such option was given. According to TorrentFreak:
The court orders were issued inaudita parte, which is Latin for “without hearing the other side.” Citing urgency, the Córdoba court did not give NordVPN and ProtonVPN the opportunity to contest the measures before they were granted.
Without a defense, the court reportedly concluded that both NordVPN and ProtonVPN actively advertise their ability to bypass geo-restrictions, citing match schedules in their marketing materials. The VPNs are therefore seen as active participants in the piracy chain rather than passive conduits, according to local media reports.
That’s pretty shocking, and shows once more how biased in favor of the copyright industry the law has become in some jurisdictions: other parties aren’t even allowed to present a defense. It’s a further reason why a definitive ruling from the CJEU on the right of people to use VPNs how they wish is so important.
Alongside these recent court cases, there is also another imminent attack on the use of VPNs, albeit in a slight different way. The UK government has announced wide-ranging plans that aim to “keep children safe online”. One of the ideas the government is proposing is “to age restrict or limit children’s VPN use where it undermines safety protections and changing the age of digital consent.” Although this is presented as a child protection measure, the effects will be much wider. The only way to bring in age restrictions for children is if all adult users of VPNs verify their own age. This inevitably leads to the creation of huge new online databases of personal information that are vulnerable to attack. As a side effect, the UK government’s misguided plans will also bolster the growing attempts by the copyright industry to demonize VPNs – a core element of the Internet’s plumbing – as unnecessary tools that are only used to break the law.
The Modern No-Code Creator Bundle is an extensive online curriculum specifically developed to enable individuals to construct professional websites, applications & automated workflows without the necessity of writing any code. It has five courses, covering leading no-code platforms and tools like ChatGPT, Mendix, and Tabnine. It is ideally suited for novices and non-technical professionals, empowering users to successfully launch digital products independently of developer assistance. It’s on sale for $20.
Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.
This is big. This is going to cause a whole lot of problems for the administration in the hundreds of ICE-related lawsuits it’s defending itself against. It’s a Perry Mason moment, albeit one that implicates the entity delivering it, rather than the other way around. (h/t Chris Geidner on Bluesky)
As we are all painfully aware, ICE operations since Trump returned to office have immediately strayed from the stated “worst of the worst” purpose to going after pretty much anyone who isn’t white. That means ICE officers are staking out any place day laborers might be hanging out, raiding any business that might employ migrant labor, roaming the streets in unmarked cars and masks to snatch up foreign-looking people, and — in what has always been extremely controversial — hanging around immigration courts to arrest migrants engaging in their court-ordered check-ins.
All of it is awful, but deliberately targeting people who are following all of the rules that allow them to remain in the US is particularly despicable. That’s what ICE and other DHS components have been doing: making the easiest, laziest arrests possible to satisfy White House advisor Stephen Miller’s ever-escalating arrest quota.
The administration has spent the last year claiming immigration court arrests are not only legal, but fully supported by ICE policy. Officials (and DOJ lawyers) have said this despite this never being the case before Trump’s return to office.
Now, we know it isn’t true. Bizarrely, this revelation isn’t the result of FOIA requests or court discovery orders. It comes from the DOJ itself, which delivered this unexpected twist in the mass deportation saga in a March 24 filing in a case being handled by the Southern District of New York.
Here’s the essence of the admission made by the DOJ in its letter to the court [PDF]:
We write respectfully and regrettably to correct a material mistaken statement of fact that the Government made to the Court and Plaintiffs. Specifically, this morning, counsel from U.S. Immigration and Customs Enforcement (“ICE”) informed the undersigned of the following: the memorandum entitled Civil Immigration Enforcement Actions in or Near Courthouses, dated May 27, 2025 – which the Government relied on in presenting its arguments in this case and referred to as the “2025 ICE Guidance” – does not and has never applied to civil immigration enforcement actions in or near Executive Office for Immigration Review (“EOIR”) immigration courts.
Holy shit. That’s huge. And the DOJ knows it. The letter goes on to inform the court that the DOJ will be reversing the stance it took in several filings in this case. It also acknowledges that the court opinion based on its previous (and perhaps unknowing) misrepresentations will need to rescinded and re-briefed.
The ACLU’s response to the DOJ’s filing drives the point home further:
[T]he government now concedes the May 2025 ICE memorandum—which it previously asserted authorized arrests at immigration courthouses, provided guidance minimizing the harms of such arrests, and explained the agency’s reasoning for abandoning a prior policy largely prohibiting such arrests—in fact has never applied to such arrests. Accordingly, it further concedes the government’s primary defense to Plaintiffs’ claim that the Immigration Court Arrest Policy is arbitrary and capricious in violation of the Administrative Procedure Act must be “withdraw[n]…”
[…]
The implications of this development are far-reaching. In the months since the Court relied on the government’s representation to deny Plaintiffs preliminary relief, Defendants have continued arresting noncitizens at their immigration court hearings, resulting in their detention—often in facilities hundreds of miles away.
The email cited in the DOJ’s letter was issued by Liana J. Castano, the assistant direct of ICE field operations on March 19. In bold print, the memo says this:
This broadcast serves as a reminder that the May 27, 2025, Guidance does not apply to Executive Office for Immigration Review (Immigration) courts, regardless of their location. As stated in the Guidance, it also does not apply to criminal immigration enforcement actions inside courthouses.
Out of context, “does not apply” might seem like it contradicts the DOJ’s assertion. It doesn’t. Here’s the context, provided by the original memo [PDF], which has been posted to ICE’s website:
ICE officers or agents may conduct civil immigration enforcement actions in or near courthouses when they have credible information that leads them to believe the targeted alien(s) is or will be present at a specific location.
Additionally, civil immigration enforcement actions in or near courthouses should, to the extent practicable, continue to take place in non-public areas of the courthouse, be conducted in collaboration with court security staff, and utilize the court building’s non-public entrances and exits. When practicable, ICE officers and agents will conduct civil immigration enforcement actions against targeted aliens discreetly to minimize their impact on court proceedings.
You can see the problem here: the original memo (issued May 27, 2025) says ICE officers can engage in enforcement efforts “in or near courthouses.” There’s a single caveat, but not one that specifically says immigration courts are off-limits:
ICE officers and agents should generally avoid enforcement actions in or near courthouses, or areas within courthouses that are wholly dedicated to non-criminal proceedings (e.g., family court, small claims court).
That doesn’t specifically exclude immigration courts, although those courts only handle non-criminal proceedings because immigration law violations are civil violations. There’s other language in the memo that further muddies the water:
Other aliens encountered during a civil immigration enforcement action in or near a courthouse, such as family members or friends accompanying the target alien to court appearances or serving as a witness in a proceeding, may be subject to civil immigration enforcement action on a case-by-case basis considering the totality of the circumstances.
This doesn’t specify whether these court appearances are criminal or civil. It just says ICE officers can take advantage of the situation to rack up some ancillary arrests.
I’m not sure what happened recently that would have prompted this clarification. Maybe there’s been an internal change of heart by ICE leadership. Maybe ICE’s legal team was unable to find a way to make these courthouse arrests legally defensible. In any event, the clarification was issued, well after tons of damage has already been done.
While it kind of looks like ICE leadership is throwing front line officers under the bus by issuing after-the-fact clarification of a vaguely worded memo issued 10 months ago, I wouldn’t worry about the ICE officers. It’s mostly an imaginary bus, since it’s almost impossible to sue federal officers and the original memo provides enough plausible deniability that qualified immunity would foreclose any lawsuit that managed to make its way past the initial Bivens barrier.
As irritating as that is, the important thing is that the DOJ has stated, in court, that pretty much any immigration courthouse arrest performed by federal officers was illegal. And that’s going to make it way easier to sue the government itself over its mass deportation program.
Object permanence: My new sigfile is unstoppable; TBL on the future of the web (2006); Wonder Woman sweater pattern; Unpatchable drug cabinets; 50-building mural; DRM v (the next) Netflix.
As November Kelly has pointed out, the weirdest thing about Trumpismo is how the man seethes and rails against a game that is thoroughly rigged in America's favor, because he resents having to pretend to play the game at all:
Before Trump, the deal was that everyone would pretend that we had a "rules-based international order" in which every country got a fair deal, even as America cheated like hell and sucked the world dry. It's really impossible to overstate how advantageous this was to America. By pretending to be a neutral interchange spot for transoceanic fiber cables, it got to spy on the world's internet traffic:
By pretending to have a neutral currency, it got to exercise "dollar dominance" through which the nations of the world sent America the things they dug out of the ground or built in their factories, in exchange for America making small adjustments to a spreadsheet at the Federal Reserve. And by pretending its tech exports were neutral platforms, America got to raid the world's private data and bank accounts, spying and looting to its heart's content.
When Trump kicked off his campaign of incontinent belligerence – putting tariffs on the exports of countries populated only by penguins, trying to steal Greenland – it became impossible for the world's leaders to carry on this pretense.
This led to Canadian Prime Minister Mark Carney – the world's most Davos man – standing up at this year's World Economic Forum to denounce the whole post-war settlement as a bullshit arrangement, announcing that we were in a period of "rupture" and promising a new world of "variable geometry" in which "middle powers" would exist in overlapping webs of alliances, without the USA:
Now, thanks to Trump's America First agenda, America's many advantages are collapsing. The dollar is in retreat, with Ethiopia revaluing its national debt in Chinese renminbi:
Even worse: Trump's disastrous war of choice in Iran is heading for a humiliating defeat for the dollar, with Iran announcing that any peace deal will require a $2m/ship toll to pass through the Strait of Hormuz, a toll they're already collecting, payable only in renminbi:
(I really hope Trump's plan to rename it the "Strait of Trump" catches on, so that his name in invoked with every tanker that traverses the strait, weakening the dollar and America's power – a very fitting legacy.)
For the past quarter-century, I've fought the US Trade Representative in various international fora, as the USTR piled all kinds of conditions America's trading partners that made it impossible to pursue any kind of technological sovereignty:
Every now and then, I think about how furious the USTR must be, watching Trump blunder through all the subtle traps they wove around the planet.
Take the "digital trade agenda," a set of policies that the US has made its top priority for a decade. Countries that succumbed to the digital trade agenda had to agree not to pursue "data localization" (rules that ban companies from moving or storing data about the people of your country outside of its borders), and they had to agree to duty-free status for digital exports like apps, music, games, ebooks and videos.
Today, the digital trade agenda is in tatters. Data localization is the top priority, with projects like the Eurostack and the European Digital Infrastructure Consortium breaking all land-speed records to build on-shore apps and data-centers that will keep data out of the hands of American companies and the American government:
And this week, duty-free status for digital assets hit the skids when a meeting of the World Trade Organization saw America's demands for a 10-year renewal of a global deal fail because Brazil wouldn't agree to it. Brazil has good reasons to mistrust the digital trade agenda, after Trump and Microsoft colluded to shut down a high court judge's online life in retaliation for passing sentence on the Trump-allied former dictator, Jair Bolsonaro:
Brazil blocked the 10-year renewal of the duty-free status of digital exports, worldwide. In its place, the US got a two-year renewal – meaning that US companies' ability to export their digital products after 2028 will depend on whatever Trump does in the next two years, a period during which we know Trump is going to be a raging asshole (assuming he doesn't have a stroke first).
Even more interesting: Brazil struck a "minilateral" digital duty-free deal with 66 non-US countries, including Canada and the EU:
Now, the US is a powerhouse exporter of digital goods, and has been since the start. This was such a given that in Neal Stephenson's 1992 cyberpunk classic Snow Crash, Stephenson imagined a future where the US had all but collapsed, save for the three things it did better than anyone else in the world: "music, movies and microcode":
Today, America's media and software industries are dying, and Trump is holding a pillow over their faces. He stole Tiktok and gave it to his buddy Larry Ellison, whose failson's acquisition and merger of two of the five remaining studios Trump also waved through:
Game studios are ensloppifying their flagship products, alienating their most ardent customers, and are laying off thousands of programmers and artists following incestuous mergers that leave them hopelessly bloated:
Now, thanks to Trump, there are just a couple of years until America's wilting cultural exports will face high tariffs from markets where international media is surging.
This is how the American century ends: not with a bang, but with a Trump.
"Red Team Blues": "A grabby, compulsive thriller that will leave you knowing more about how the world works than you did before." Tor Books http://redteamblues.com.
"Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin", on how to unrig the markets for creative labor, Beacon Press/Scribe 2022 https://chokepointcapitalism.com
Currently writing: "The Post-American Internet," a sequel to "Enshittification," about the better world the rest of us get to have now that Trump has torched America. First draft complete. Second draft underway.
"The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. LEGAL REVIEW AND COPYEDIT COMPLETE.
"The Post-American Internet," a short book about internet policy in the age of Trumpism. PLANNING.
A Little Brother short story about DIY insulin PLANNING
This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.
Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.
"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
It’s been a tough 24 hours for Trump, and it will likely get worse as he heads to the Supreme Court today to attend oral arguments on his illegal and unconstitutional order eliminating birthright citizenship.
In fact, Trump has suffered so many setbacks in the last day that I couldn’t help wonder: Has Trump become a paper tyrant?
By this I mean, while Trump shuffles about and issues pronouncements like a king, is he being treated like little more than a court jester?
Let’s run through some top stories to test this hypothesis, all from just the past day.
So, it’s not going well. Despite over 3,000 bombings missions striking targets in Iran, killing over 2000 of people including over 170 school children, Iran has not surrendered. Nor has it agreed to open the Strait of Hormuz, through which flows a fifth of the world’s oil and gas.
Trump is mustering U.S. forces toward the Persian Gulf, but our allies are not leaping to help. Indeed, our closest ally, the United Kingdom, has declined to participate in most offensive operations alongside the U.S. And like Trump did with Mark Carney and Canada’s Liberal Party, his attacks on Starmer appear to be boosting the Prime Minister’s personal approval ratings, with polling showing a 26-point improvement when voters are reminded of their rift — potentially helping Starmer survive a leadership challenge even if Labour fares poorly in May’s local elections.
With our NATO allies declining to help the U.S. forcibly reopen the Strait, Defense Secretary Pete Hegseth is now whining that we won’t be there for them when they need us, calling the very existence of the most important and successful defensive alliance in modern history into serious doubt.
Trump is now signaling he wants to end the war without reopening the Strait of Hormuz. That would leave the world worse off than before and do nothing to curb rising energy and food prices.
When Trump finally does TACO and orders a retreat, the big question that will long linger is, “What was the point of all that?”
(And no, we haven’t forgotten about the Epstein files.)
Mail-in voting executive order
Yesterday, Trump issued a sweeping executive order attacking mail-in voting, despite voting by mail himself multiple times. The order would effectively create a national voter list by using federal databases to identify adult citizens for states to compare against their voter rolls. Meanwhile, the U.S. Postal Service would be required to transmit ballots only for states that have provided a list of eligible mail voters 60 days before the election.
Previous Trump executive orders attempting to impose nationwide election rules — including proof-of-citizenship requirements and federal control over voter registration processes — were blocked by federal courts, which ruled that the president cannot unilaterally rewrite election law.
Trump was nevertheless defiant. “I don’t know how it can be challenged. They’ll probably challenge it. You may find a rogue judge,” he added. “A lot of rogue judges. Very bad, bad people. A lot of bad judges.”
Election experts argue that the order is likely DOA in the courts because the Constitution leaves the federal elections to the states, not the White House. David Becker, the executive director of Center for Election Innovation and Research, called the order “unconstitutional on its face” and expects it “will be blocked by multiple federal courts in a very, very short period of time and will have no legal effect whatsoever.”
Civil suit against Trump can proceed
Adding to Trump’s legal woes was a long-awaited federal court order from Judge Amit Mehta of the D.C. District Court. Per Politico, Judge Mehta ruled that evidence produced in the case brought by police officers and Democratic lawmakers showed that Trump’s speech at the Ellipse on January 6 was political in nature. It was therefore not covered by any broad immunity the Supreme Court had applied to a president’s official acts.
Trump has tried to derail this lawsuit for years, arguing that his words and deeds were protected from any civil liability by his immunity as president. Not so, said Judge Mehta. “President Trump has not shown that the Speech reasonably can be understood as falling within the outer perimeter of his Presidential duties,” Mehta wrote in his 79-page opinion. “The content of the Ellipse Speech confirms that it is not covered by official-acts immunity.”
The decision means years of additional litigation and appeals for Trump, while giving litigants a path forward.
Big Beautiful Blue Ballsroom
In a decision likely to evoke cheers across the country, another federal court, in a ruling by Judge Richard J. Leon, appointed by George W. Bush, halted further construction of Trump’s $400 million ballroom. As the New York Times reported,
In an opinion punctuated by 19 exclamation points, Judge Leon also reiterated concerns he had raised for months in court: that from the start, the administration has provided shifting and questionable accounts of who was in charge of the project and under what authority private donations could be accepted to fund it.
Judge Leon hinted that Congress could get the ball rolling again by passing authorizing legislation. “Unless and until Congress blesses this project through statutory authorization, construction has to stop!” he wrote. “But here is the good news. It is not too late for Congress to authorize the continued construction of the ballroom project.”
Such an effort would be highly unpopular among voters, and Judge Leon likely understands that. Good news indeed!
Trump didn’t take the news well. In a Truth Social post following the ruling, Trump lashed out over being sued by the National Trust for Historic Preservation over a ballroom that is “under budget, ahead of schedule, being built at no cost to the Taxpayer, and will be the finest building of its kind anywhere in the World.”
Birthright citizenship case
Finally, later today Trump is expected to face skepticism from SCOTUS as it hears a challenge to his birthright citizenship order, which is also plainly unconstitutional. (Fun fact: My friend and former colleague at the Keker & Van Nest law firm in San Francisco, Cecillia Wang, who is now National Legal Director for the ACLU, will be arguing the case.)
As NPR noted,
Trump has long maintained that the Constitution does not guarantee birthright citizenship. So, on Day 1 of his second term, he issued an executive order barring automatic citizenship for any baby born in the U.S. whose parents entered the country illegally or who were here legally, but on a temporary, or even a long-term visa.
Trump likes to claim we are the only country that grants birthright citizenship, but there are actually more than 30 others, including our neighbors Canada and Mexico. It’s a common practice among countries in the Americas.
After the Civil War, and to undo the pernicious Dred Scott decision of 1857, Congress passed the 14th Amendment defining citizenship in broad terms: “All persons born or naturalized in the United States and subject to the jurisdiction thereof, are citizens of the United States.”
It will be hard for Trump to get around the plain text of the 14th Amendment and the legislative record, showing Congress intended to extend birthright citizenship broadly, including to immigrants.
Roaring like a tyrant, ruling like a fool
With all these setbacks, snubs by our allies and federal court smackdowns, Trump is looking like a lame duck paper tyrant, all strut and bluster but little ability to act beyond the bounds of his authority and power. Granted, when it comes to making war, that authority and power are considerable, especially with a GOP unwilling to rein him in.
But in other matters, if he thinks he can simply rule by decree, change our voting system and our Constitution at the stroke of a pen, alter whatever he wants of our cherished landmarks and property, and escape civil or even criminal liability for actions lying outside the authority of his office, he will be mightily disappointed.
Villages of Hullathy Gram Panchayat in a steep arid valley in the north face of the Nilgiri Mountains. Villagers have created a vibrant agrarian economy, largely vegetables and tea, using terraces and irrigation. Tamil Nadu, India.
In a complaint filed at a Nashville federal court in 2023, Universal Music, Sony Music, EMI and others, accused X Corp of 
_Photo_by_Giles_Laurent.jpg)
