NSO Group: Lobbying Is Often Helpful

July 20, 2022

More NSO Group news. “Pegasus Spyware Maker NSO Is Conducting a Lobbying Campaign to Get Off U.S. Blacklist.” The article states as actual factual:

NSO has invested hundreds of thousands of dollars in the past year in payments to lobbyists, public relations companies and law firms in the U.S., in the hope of reversing the Biden administration’s November decision, according to public records filed under the Foreign Agent Registration Act and conversations with people familiar with the effort. These firms have approached members of the U.S. House and Senate, as well as various media outlets and think tanks across the U.S., on NSO’s behalf.

Who knew? NSO Group has been able to attract media attention for months.

The write up points out:

NSO is trying to get the matter raised during a meeting between U.S. President Joe Biden and Israeli Prime Minister Yair Lapid when the former visits Israel this week. In addition, NSO lobbyists unsuccessfully tried to set up a meeting between representatives of the company and U.S. National Security Adviser Jake Sullivan, but it did not take place. Asked for comment, an NSO spokesperson declined to comment on the campaign but “thanked” Shomrim for publishing an article on its efforts, which he described as “supportive.”

Interesting. Why won’t world leaders do what a high tech outfit providing specialized services wants?

NSO Group has been trying to explain its position; for example, the cited article notes:

In a different letter distributed by the firm this year, NSO states it has “developed a human rights governance compliance program,” saying it would conduct a review of all users to see whether they might use the technology used to “violate human rights.”

In my upcoming lecture for a law enforcement group, I point out that with each passing day it is increasingly difficult to figure out what information is “valid”. As a result, the utility of open source information is eroding. Perhaps the Golden Age of OSINT is darkened with weaponized information?

Interesting?

Stephen E Arnold, July 20, 2022

Meta: Trying Not to Zuck Up

July 20, 2022

Meta is the umbrella company for Facebook and Instagram. The company created the Oversight Board to hear appeals of content moderation decisions on the platforms. The BBC examines Meta and the banned content in: “Meta Board Hears Over A Million Appeals Over Removed Posts.” The majority of the disputed posts were from Canada, Europe, and the United States. They contained violent content, hate speech, or bullying.

The Oversight Board published twenty cases of appealed content and ruled against Meta in fourteen of them. Some of the cases were: photos of female breasts in a breast cancer post, a photo of a dead child with text about whether it was right to retaliate against China for how it treats Uighur Muslims, and the decision to ban Donald Trump after the January 6 riots. The board overturned the removal of the breast and dead child images, but supported the Trump decision.

The Oversight Board was originally going to review 130 cases, but Meta agreed that it was wrong removing content on fifty-one of them.

“Board director Thomas Hughes said it looked for ‘emblematic’ cases with ‘problematic elements’ to take on. He added that the categories of hate speech, violence and bullying were ‘difficult-to-judge issues’ – especially for automated systems. ‘Also in many of those cases, context is extremely important,’ he said.”

The Oversight Board released its first annual report, covering October 2020 to December 2021. Anyone can appeal a decision about removed content. During that period, 1.1 million cases were received, 2,600 cases a day, and 47 of them came to the board. Most of the complaints came from Western countries. Ninety-four percent of the requests were to restore content, mostly a user’s own posts.

The Oversight Board, which Mark Zuckerberg formed, has been compared to a supreme court for Meta. Meta pays its costs, but it operates separately. Its members include human rights activists, lawyers, academics, and journalists. During the appeals session, the board made 86 more recommendations, including translating policies into more languages and being more specific about what constitutes hate speech.

Whitney Grace, July 20, 2022

Site Rot Quantified

July 20, 2022

There’s weird page rot. That was a feature of MySpace and GeoCities. Then there was link rot. That was a feature of my original Web site when I retired. I just stopped remediating dead links. I did not want to do the work myself and I allowed the majority of my team to find their future elsewhere. Ergo, dead links. Too bad, Google.

Now there is site rot.

“10% of the Top One Million Sites Are Dead” explains the process of figuring out this number. There are rah rahs for tools and scripts. Good stuff, but my interest is a single number:

892,013

Several early morning thoughts (July 16, 2022):

  • The idea that a million is not a million illustrates the inherent ageing and concomitant deterioration of Internet “things”; namely, Web sites. Why are sites not sites as defined in the write up? Money, laziness, inconsistencies engineered into the information superhighway, or some other reason?
  • Locating sites on the Wayback Machine or whatever it is now called is an exercise in frustration. With sites rotting and Wayback delivering zero content, the data void is significant.
  • The moniker “million” when the count is smaller is another example of the close-enough-for-horseshoes approach which is popular among some high-tech outfits.

Just remember. I don’t care, and I wonder how many others share my mindset. Good enough.

Stephen E Arnold, July 20, 2022

NSO Group and the Big Mango

July 19, 2022

“Pegasus Used to Spy on Protesters, a Popular Actress, and Dozens More in Thailand, Report Shows” presents more allegedly accurate information about the NSO Group. The Israeli company has demonstrated a remarkable ability to make headlines. The cited article states:

At least 30 Thai citizens were targeted by the Pegasus phone-hacking software between October 2020 and November 2021, according to a forensic report by the Canadian digital rights organization CitizenLab and Thai NGOs iLaw and DigitalReach.

What’s interesting about this article about the Pegasus software is the assertion about the targets of the alleged surveillance. I noted this passage:

An anti-government rapper, Dechathorn “Hockhacker” Bamrungmuang; a famous Thai actress, Intira Charoenpura; and a political science professor, Prajak Kongkirati, were also among those attacked.

Fascinating. A rapper named Hockhacker. Curious, I searched YouTube and located this audio track: https://www.youtube.com/watch?v=qcqoxUICnU8.

Who knew? Will Hockhacker surge to the pinnacle of musical popularity? Will Hockhacker match NSO Group’s PR-ability? Life is chock full of opportunities.

Stephen E Arnold, July 19, 2022

Proofpoint: Journalists Wear a Bull’s Eye instead of a Shirt with Ink Stained Cuffs

July 19, 2022

Proofpoint is a cyber security firm. The company published an interesting blog essay called “Above the Fold and in Your Inbox: Tracing State-Aligned Activity Targeting Journalists, Media.” The write up presents allegedly accurate information that a number of nation states are targeting journalists. This makes sense because some journalists are, in effect, crime and intelligence analysts at heart. Their methods are often similar to those used by certain government organizations.

Is this a new insight from the world’s intelligence professionals? I don’t think so.

The write up states:

Journalists and media organizations are well sought-after targets with Proofpoint researchers observing APT actors, specifically those that are state-sponsored or state-aligned, routinely masquerading as or targeting journalists and media organizations because of the unique access and information they can provide. The media sector and those that work within it can open doors that others cannot. A well-timed, successful attack on a journalist’s email account could provide insights into sensitive, budding stories and source identification. A compromised account could be used to spread disinformation or pro-state propaganda, provide disinformation during times of war or pandemic, or be used to influence a politically charged atmosphere. Most commonly, phishing attacks targeting journalists are used for espionage or to gain key insights into the inner workings of another government, company, or other area of state-designated import.

What nation states are allegedly targeting certain journalists? The article mentions by name these countries:

  • China
  • Iran
  • North Korea
  • Turkey (sic). The country’s new name is Türkiye

The article includes examples of the actions the Proofpoint analysts identified.

The write up concludes with what appears to be some free advice:

The varied approaches by APT actors—using web beacons for reconnaissance, credential harvesting, and sending malware to gain a foothold in a recipient’s network—means those operating in the media space need to stay vigilant.

Many journalists, in my experience, are unaware of the nuances of staying vigilant. Targets are targets because they can be hit. Examples of what has happened are interesting. May I suggest that journalists receive appropriate instruction when learning their craft. Instruction in vigilance may need to be upgraded or enhanced. Many journalists — particularly what I call the Silicon Valley variety — are more interested in recognition, media clout, and being visible than stepping back and asking, “Have I been targeted, played, and manipulated?”

Stephen E Arnold, July 19, 2022

How to Point Out a Consulting Outfit Is Often Full of Beans

July 19, 2022

I read a write up in the UK online publication The Register. The article was “IT Departments Often Regret Technology Buying Decisions.” I immediately thought about Google’s mantra that organizations did not need information technology departments. I think the reasoning behind the statement was, “Let Google do it because we are smarter and have scaling, analytics, smart software, etc., etc.” I first heard this mantra in the 2002, maybe 2003, period. I wondered if the article was just recycling Google-type fluff-a-roo.

Yes, because I have heard this before. Nope, because the mid tier consulting firm is probably unaware of the world before checking TikTok in the last 10 minutes.

The write up pivots on a mid tier consulting firm which has “reinvented” the Google-type mantra with a bit of the rap music beat.

I learned:

Fifty-six percent of organizations said they had a high degree of regret over their largest tech-related purchase in the last two years, according to a new survey of 1,120 executives in North America, Western Europe, and Asia/Pacific.

Ok, almost 60 percent are faced with a persistent problem. This is not technical debt; this is here-and-now craziness.

I found this passage a slightly nicer way of saying what the Google-type mantra arrogantly implied:

… For anyone left picking up the technical pieces, 67 percent of people involved in technology-buying decisions are not in IT, which means that anyone could be a tech buyer for their organization. This is the so-called lines of business phenomenon where someone in marketing, for example, uses the corporate credit card to buy a product or service that IT admins then have to help manage.

Who is best qualified to make technology decisions for an organization? The answer is obvious:

  1. MBAs who can use Excel
  2. Accountants who can use a pencil and paper
  3. Lawyers who can use Word and maybe a time reporting system
  4. Marketing professionals who can use gym equipment, acrylic paints, and art museum audio tour gear.

The outfit creating this report is a mid-tier consulting firm.

Now here’s the way to put the obvious into a for-fee report:

Whether anyone has experienced buyer’s remorse after shelling out thousands of dollars for a Gartner report is a question upon which The Register cannot comment.

Bingo. Very obvious report. An expensive mid tier report which could have been summarized by talking to a Googler a decade or more ago. And then there is the remarkable inability of experts to perceive that their expertise is a reflection of the present technology environment. Score: Mid tier zero. Register one.

Stephen E Arnold, July 19, 2022

EU Consumer Groups File Privacy Complaints Against Google

July 19, 2022

The EU’s General Data Protection Regulation specifies platforms must protect users’ privacy “by design and by default.” However, the European Consumer Organisation (BEUC) asserts Google’s registration process violates that regulation. The BBC reports, “Google Sign-Up ‘Fast Track to Surveillance’, Consumer Groups Say.” The BEUC is leading a band of 10 consumer organizations in filing complaints against the company with data-protection authorities in several European countries. The Federation of German Consumer Organisations has gone so far as to send Google a warning letter. The article notes:

“The [BEUC] believes sign-up is the critical point at which Google asks users to choose how their account will operate. But the simplest one step ‘express personalisation’ process, it alleges, leaves consumers with account settings that ‘feed Google’s surveillance activities’. And the consumer organisation says Google does not provide users with the option to turn all settings ‘off’ in one click. Instead, BEUC says, it takes five steps and ten clicks to turn off the trackers Google wants to activate on a new account – these relate to web and app activity, YouTube history and personalised advertising on their account. Ursula Pachl, deputy director general of the BEUC, said: ‘It takes one simple step to let Google monitor and exploit everything you do. If you want to benefit from privacy-friendly settings, you must navigate through a longer process and a mix of unclear and misleading options’. Ms Pachl added: ‘In short, when you create a Google account, you are subjected to surveillance by design and by default. Instead, privacy protection should be the default and easiest choice for consumers.’”

We are reminded Google requires registration before one can use most of its ubiquitous services. Google insists its sign-up process makes users’ privacy options clear and simple to navigate. That may be a matter of opinion, depending on how tech savvy one is, but the insistence is a red herring. The point is that requiring users to jump through hoops to secure privacy means it cannot be considered the “default” setting, as the law requires. The effort to bring these complaints emerges as a similar complaint filed by the BEUC in Ireland in 2018 is said to be making progress, with a draft decision expected in a matter of months. Perhaps one or more of these actions will result in penalties large enough that Google cannot shrug them off as easily as a strongly worded letter. Hey, anything is possible.

Cynthia Murrell, July 22, 2022

Amazon: Other Trivial Changes Post Bezos

July 18, 2022

I read “Amazon CEO Andy Jassy Breaks from the Bezos Way.” I suppose the sentence “He was very inquisitive” sums up a key difference. Did Mr. Bezos know? Does Mr. Jassy not know? The thrust of the write up is that Amazon is changing. Like many “real” news discussions of the Bezos bulldozer with a new person at the controls, the changes it notes are small — and probably irrelevant to many. From my point of view, a few small changes suggest rather interesting adjustments for the giant online bookstore.

Let’s look quickly at four small changes and conclude with a question.

First, if you want to manage books on a Kindle reader, the process is now cumbersome, unintuitive, and ill advised. Why? People who read want to know what books are on the Kindle, ready to read. Also, when one finishes a book, some people — including me — want to remove the book from the device. No more. Now one has to be quite careful when navigating the device; otherwise, one buys books. How does one disconnect from a WiFi network? That process is also convoluted, so I use a simple trick: a Faraday setup. Doesn’t everyone have one? The software is not a Dark Pattern; it’s an indication of Amazon’s desire to make what once worked unworkable for some.

Second, order certain products and then try to cancel them. Sorry. The cancel order policy has changed and results in messages like this:

[image: the cancel order message]

I like the hope to see you again. My hunch is that you will be seeing some people less and less.

Third, news is circulating in the “real” news stream about Amazon releasing certain Ring data without the warrant process being followed. “Today I Learned Amazon Has a Form So Police Can Get My Data without Permission or a Warrant” allegedly presents this Amazon policy and discusses it. If the write up is accurate, my thought is that following legal procedures is a helpful policy. Defense attorneys love to discover this type of workaround. The result is that expensive investigations can get thrown out and alleged bad actors can resume their activities. That’s a change worth monitoring.

Finally, have you tried to reach Amazon customer support? Give it a whirl. Our test efforts to contact Amazon and AWS literally went nowhere. The chatbots and logic are set up to lead one back to forms which are like merry-go-rounds. Fun for the young at heart. For a customer with a problem, the process is not too amusing.

To sum up, there are changes at Amazon post Bezos. Lobbying is one facet of the brave new world for the online bookstore. The other shifts may be as or more important. Is Amazon a monopoly? That’s a good question.

Context is important in my opinion.

Stephen E Arnold, July 18, 2022

Meta or Zuckbook: A Look Back to 2020 and 2021 and Years of Human Rights and Other Stuff Progress

July 18, 2022

Meta or the Zuckbook is into human rights. The evidence is a free 83-page report called “Meta Human Rights Report: Insights and Actions 2020-2021.” The document covers, in order of presentation:

  • An Executive Summary (~ seven pages)
  • Meta’s Human Rights Work in Practice (~ two pages)
  • Table of Contents, with the book beginning on page 13 (yeah, I wondered about the numbering too)
  • Human Rights Policy Timeline
  • Part 1: Meta’s Human Rights Commitments (~ 11 pages)
  • Part 2: Meta’s Human Rights Policy in Practice (pages 28 to 82, or 54 pages)
  • A Final Note.

The content of the report is interesting. I found a couple of statements which caused me to take up my trusty True Blue color marker. May I share what I circled?

We seek to embed our commitments in a governance model which supports integration of our human rights work with ongoing activities and policies on civil rights and Environmental, Social and Corporate Governance (ESG) efforts, as part of the company’s culture, governance, decision making processes and communication strategies.

Seek and you will find I suppose.

Simply put — we seek to translate human rights guidance into meaningful action, every day.

Yep, another notable “seek.”

In these circumstances we seek to promote international human rights standards by engaging with governments, and by collaborating with other stakeholders and companies.

Okay, seek. How about a quick visit to FreeThesaurus.com for some help?

We also have technical mechanisms in place to mitigate and prevent third parties from accessing data from Meta, through proactive and reactive measures like prevention, deterrence, detection and enforcement.

Do Israeli intelware companies have systems and methods to obviate these super duper data slurpers? “Senator, thank you for the question. I will send that information to your office” may be the response to a Congressional questioner.

I enjoyed this quote from the sci fi icon Isaac Asimov:

“The saddest aspect of life right now is that science gathers knowledge faster than society gathers wisdom.”

Here’s my take on Facebook-type social media:

Nothing tears apart a society more than ill-managed, ad-centric social media.

I am not Isaac Asimov, but I think I am correct in my observation. Enjoy the “looking back” report from the estimable virtual reality social ad selling heir to MySpace and Friendster. Will Facebook share a similar fate? Gee, I hope not. I am interested in learning if Isaac Asimov’s quote applies to Facebook in 2022:

You don’t need to predict the future. Just choose a future — a good future, a useful future — and make the kind of prediction that will alter human emotions and reactions in such a way that the future you predicted will be brought about. Better to make a good future than predict a bad one.

Did the Meta Zuck thing predict I would sit in my chair with a headset on, interacting with what may or may not be humans, instead of meeting in a coffee shop or an office conference room and talking to a live person? What’s up in 2022? Wow, more Zuckster stuff.

Stephen E Arnold, July xx, 2022

The Cost of Cyber Security Misconfiguration

July 18, 2022

The numbers tossed around about the cost of a security breach are interesting. I have formed the opinion that the cost estimates are a result of what I have called spreadsheet fever. Plug in numbers, make them flow, and go, baby, go. I read “Razer Seeks $7m from Capgemini for 2020 Data Breach.” The write up explains:

The Singapore-born gaming firm is seeking compensation of nearly US$7 million in damages, which also includes a US$2,000 reward to the security researcher who discovered the breach under the company’s bug bounty program.

What outfit is the target of the litigation? The write up says:

In its lawsuit, Razer alleged that the security breach was the result of a misconfiguration of the “ELK Stack,” caused by one of Capgemini’s employees.

The ELK is not the majestic animal. The ELK in the cyber context is a set of open source software components glued together to deliver a range of security features. The trick is the configuration. Get a setting wrong, and the ELK is less healthy than some observers suspect. An unhealthy ELK can be problematic. This is not a big dead animal in the climate changed world. This creature puts revenue and others at risk of catching a bad disease themselves; for example, standing in the unemployment line, working the phone to reclaim their identity, and applying for a job at one of the booming cyber security vendors. Well, maybe not that particular angle.
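The lawsuit write up does not say which setting was wrong, so as an added illustration (not from the article or the filing) here is a small defender-side audit that flags the kind of Elasticsearch settings that commonly leave a stack exposed: a node bound to a non-loopback address with authentication off, or reachable without TLS. The two configs are constructed samples, not Razer’s or Capgemini’s.

```python
"""Audit flat elasticsearch.yml settings for exposure-prone combinations.

Constructed example. The setting at issue in the Razer/Capgemini case is
not described in the article; the keys checked here are standard
Elasticsearch options (network.host, xpack.security.*), chosen because
getting them wrong is a common way an ELK node ends up readable by anyone.
"""
from __future__ import annotations

# Constructed sample: node bound to all interfaces with security disabled.
WEAK_CONFIG = """\
cluster.name: logs
node.name: es-1
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: false
"""

# Constructed sample: same node with authentication and TLS turned on.
HARDENED_CONFIG = """\
cluster.name: logs
node.name: es-1
network.host: 10.0.5.12
http.port: 9200
discovery.type: single-node
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""

# Bind values that keep the HTTP API off the network.
LOOPBACK = {"127.0.0.1", "::1", "_local_", "localhost"}


def parse_settings(text: str) -> dict[str, str]:
    """Parse flat 'key: value' lines; comments and blanks are skipped."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("'\"")
    return settings


def _is_true(settings: dict[str, str], key: str) -> bool:
    # An absent key is treated as "not confirmed on": the default for
    # xpack.security.enabled depends on the Elasticsearch version.
    return settings.get(key, "").lower() == "true"


def audit(settings: dict[str, str]) -> list[str]:
    """Return findings worth a ticket; an empty list means nothing flagged."""
    findings: list[str] = []
    host = settings.get("network.host", "_local_")
    exposed = host not in LOOPBACK
    security_on = _is_true(settings, "xpack.security.enabled")
    if exposed and not security_on:
        findings.append(f"HIGH: bound to {host} with authentication disabled")
    if exposed and security_on and not _is_true(settings, "xpack.security.http.ssl.enabled"):
        findings.append("MEDIUM: HTTP API reachable without TLS, credentials sent in clear")
    if security_on and not _is_true(settings, "xpack.security.transport.ssl.enabled"):
        findings.append("MEDIUM: node-to-node transport not encrypted")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(parse_settings(cfg)) or ["no findings"])
```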

The outcome of the lawsuit may provide some more data about the cost of a cyber screw up and details about the how of the alleged misstep.

Stephen E Arnold, July 19, 2022
