PayPal Blocks Purchases Of Tardigrade Merchandise For Potentially Violating US Sanctions Laws

Moderation at scale is impossible. And yet, you’d still hope we’d get better moderation than this, despite all the problems inherent in policing millions of transactions.

Archie McPhee — seller of all things weird and wonderful — recently tried promoting its “tardigrade” line of goods only to find out PayPal users couldn’t purchase them. Tardigrades are the official name for microscopic creatures known colloquially as “water bears.” Harmless enough, except PayPal blocked the transaction and sent this unhelpful response:

If you can’t read/see the tweet and the screenshot, here’s what it says:

Just an FYI that @PayPal is currently blocking all transactions containing the word “tardigrade” in the product name or description. We’ve contacted them and they told us we should just stop using the word tardigrade.

And PayPal’s response:

Every transaction that goes through our system, is reviewed by our internal security team. Certain words can trigger our security system. Unfortunately, this cannot be overridden. I would advise you to change the wording on your website to prevent this from happening.

PayPal’s size demands the use of automated moderation. But this outcome seems inexplicable. It says the “internal security team” manually reviewed the block… and decided to keep it in place anyway. What’s the point of having a “security team” if they can’t override the algorithm’s decision?

Then there’s the question as to why “tardigrade” is blocked in the first place. It’s the official name for a particularly hardy micro-animal found all over the world. Early speculation centered on the Scunthorpe Problem, suggesting PayPal blocks transactions involving forms of the word “retarded.”

But it appears to be even more ridiculous than that. Tim Ellis at GeekWire received this explanation from PayPal:

A PayPal representative put the blame on the US government’s Office of Foreign Assets Control (OFAC) sanctions, which contain an entry for an industrial supply company called “Tardigrade Limited” located in the country of Cyprus. According to PayPal, the word “tardigrade” triggered a manual review process because their system determined that the payments “may potentially violate US sanction laws.”

Customers have a Balkan arms dealer to blame for their inability to purchase tardigrade goods.

Slobodan Tesic (Tesic) was identified in the annex of E.O. 13818 on December 21, 2017. At the time of his designation, Tesic was among the biggest dealers of arms and munitions in the Balkans, spending nearly a decade on the United Nations (UN) Travel Ban List for violating UN sanctions against arms exports to Liberia.


Tesic also utilized Cyprus-based Tardigrade Limited (Tardigrade) to conduct business in third-party countries, particularly Arab and African countries. Tesic has also used his Serbian companies to sign contracts with Tardigrade before selling the goods to a final buyer.

So, “tardigrade” is flagged by the system as indicative of sanctions violations. But there’s that term again: “manual review.” Is it impossible for reviewers to distinguish between arms sales through third parties and these?

Now, it could be the manual review team didn’t want to end up on the wrong side of sanctions and felt safer blocking transactions than possibly allowing an arms dealer to launder money through the sale of adorable water bear products. Or it could be the manual “review” consists of scrolling through a list of flagged items as quickly as possible and hitting the “approve all” button. Whatever it is, it ain’t working. And Archie McPhee isn’t the first retailer to run into this problem. Two months ago, Two Photon Art noted it had to rename its Tardigrade pin to “Water Bear Enamel Pin” to allow PayPal users to purchase it.

Erring on the side of caution seems like the smart thing to do. But when the term “manual review” accompanies “automated process,” you’d think manual reviewers would see these errors for what they are, rather than allow the blocking to continue. It appears PayPal is doing a little more manual review for tardigrade-related purchases now that it’s gone a bit viral, with customers experiencing delays rather than being hit with warnings their purchases have violated PayPal policies.

The upshot is stuff like this will only become more common as time goes on. The more pressure that’s placed on tech companies to aggressively police content, the greater the chance harmless content will be rendered inaccessible. It’s not that companies shouldn’t make efforts to keep their sites free of illegal content and whatever the companies would rather not see on their sites, but automated moderation will always create issues like these. And there just aren’t enough manual reviewers available to clean up algorithmic mistakes.


Trump Gets Mad That Twitter Won’t Take Down A Parody Of Mitch McConnell; Demands Unconstitutional Laws

I’m still perplexed by Trumpian folks insisting that the President is a supporter of free speech (or the Constitution). It’s quite clear that he’s been a huge supporter of censorship over the years. The latest example is, perhaps, the most bizarre (while also being totally par for the course with regards to this President). For unclear reasons, the President has retweeted someone with fewer than 200 followers, who posted a picture of Senate Majority Leader Mitch McConnell in traditional Russian soldier garb… while complaining that Twitter won’t take that image down, while it has “taken down” manipulated media from his supporters.

The tweet says:

Why does Twitter leave phony pictures like this up, but take down Republican/Conservative pictures and statements that are true? Mitch must fight back and repeal Section 230, immediately. Stop biased Big Tech before they stop you!

He then tags two Republican Senators who have spent years pushing bullshit bills and making misleading arguments about how evil certain internet companies are.

There are so many things wrong with this one tweet, I feel it’s best to number them:

  1. First of all, content moderation at scale is impossible to do well, so it never is reasonable to use a single anecdote to prove bias or to claim that Twitter is somehow doing something wrong. And that’s even if this image should have been taken down, which it should not have.
  2. Next, this is just parody. And it’s obvious parody (except, I guess to our humorless President). There’s no reason to take down parody.
  3. Twitter isn’t taking down “Republican/Conservative pictures and statements that are true.” They are taking down or putting warnings on manipulated media that has been posted with the intent to mislead. No one is going to look at the picture of McConnell and think it’s proof that he really is doing Putin’s bidding.
  4. And, what “Republican/Conservative pictures and statements that are true” has Twitter actually taken down?
  5. Repealing Section 230 would make this situation worse for Trump and his fans, not better. If Twitter was likely to face lawsuits for tweets that infringe upon rights, then it has much stronger incentive to take down the kinds of defamatory, bogus tweets that Trump and his fans like to put up regularly.
  6. And it would still have no reason to take down a parody image like the one Trump is tweeting.
  7. Even if Twitter was choosing to take down content from Trump fans and allowing content from his critics to stay up that’s perfectly legal (and, again, there remains no evidence to support this claim). There is nothing against the law about being politically biased. If there were, then Fox News, Breitbart, OANN and others would be in a deep pile of shit. Yet, somehow all the “social media is biased!” folks never seem to address any of that.
  8. Bonus round: Because of Trump’s continued unwillingness to understand the Streisand Effect, he just gave this image that very few people saw, a massive boost in attention. For what?

But, of course, Josh Hawley rushed in to use this travesty to push his blatantly unconstitutional bill.

Hawley doesn’t say which of his many, many anti-Section 230 bills he’s talking about, but in saying that it’s the bill that would “permit individuals unfairly censored by #BigTech to sue!” he likely means this particularly unconstitutional pile of garbage. Even if the bill somehow passed (and it won’t) both Houses of Congress and somehow wasn’t judged unconstitutional (it would be), it still wouldn’t do what Hawley and Trump seem to want it to do.

Without Section 230 protections Twitter would be much quicker to take down this kind of nonsense to avoid liability. It wouldn’t magically decide to keep up Trumpian propaganda that might get it sued. We already know this is true because we see it in the copyright space. In copyright, there is much more liability for leaving infringing content up, because of the DMCA 512 safe harbors not being nearly as broad as Section 230’s immunity provision. And, because of that, we’ve seen Twitter take down infringing content from Trump and his fans much more frequently than they take down (or label) other content. Because the lack of a liability shield means that Twitter would have more pressure to take this content down.

It’s difficult to believe that someone like Josh Hawley doesn’t know this. But Josh Hawley — the very definition of the elite — has made his reputation by lying to stupid people, while pretending to be against the elite. And so he knows that this bill can’t pass and that it’s unconstitutional, and that it would do the opposite of what he claims. But he seems to be betting on stupid people buying into this latest culture war.


Interview: Metasploit founder HD Moore on bug bounties, computer security laws, and coronavirus

I believe we still need a comprehensive reform of our computer security laws. HD Moore founded the Metasploit Project What changes do you think the current coronavirus pandemic and the greater use of …
computer security – read more

Data Breach Litigation Preparation: What US Laws Apply to Data Breaches? – CTOvision

Data Breach Litigation Preparation: What US Laws Apply to Data Breaches?  CTOvision
“data breach” – read more