NSO Group: Talking and Not Talking Is Quite a Trick

July 30, 2021

I read “A Tech Firm Has Blocked Some Governments from Using Its Spyware over Misuse Claims.” First, let’s consider the headline. If the headline is factual, the message I get is that NSO Group operates one or more servers through which Pegasus traffic flows. Thus, the Pegasus system includes one or more servers which have log files, uptime monitoring, and administrative tools which permit operations like filtering, updating, and the like. Thus, a systems administrator with authorized access to one or a fleet of NSO Group servers supporting Pegasus can do what some system administrators do: Check out what’s shakin’ with the distributed system. Is the headline accurate? I sure don’t know, but the implication of the headline (assuming it is not a Google SEO ploy to snag traffic) is that NSO Group is in a position to know — perhaps in real time via a nifty AWS-type dashboard — who is doing what, when, where, for how long, and other helpful details which a curious observer finds interesting, noteworthy, or suitable for assessing an upcharge. Money is important in zippy modern online systems in my experience.

My goodness. That headline was inspirational.

What about the write up itself from the real news outfit National Public Radio or NPR, once home to Bob Edwards, who was from Louisville, not far from the shack next to a mine run off pond outside my door? Ah, Louisville, mine drainage, and a person who finds this passage suggestive:

“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”

So the company won’t talk to the media, but does talk to the media, specifically NPR. What do I think about that? Gee, I just don’t know. Perhaps I don’t understand the logic of NSO Group. But I don’t grasp what “unlimited” means when a US wireless provider assures customers that they have unlimited bandwidth. I am just stupid.

Next, I noted:

NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico. The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.

Okay, if the headline is on the beam, then NSO Group, maybe some unnamed Israeli government agencies like the unit issuing export licenses for NSO Group-type software, and possibly some “trusted” third parties are going to prowl through the data about the usage of Pegasus by entities. Some of these agencies may be quite secretive. Imagine the meetings going on among those in these secret agencies. What will the top dogs in these secret outfits tell their bosses about the risks of having NSO Group’s data sifted, filtered, and processed by Fancy Dan analytics systems? Yeah, that will test the efficacy of advanced degrees, political acumen, and possible fear.

And what’s NSO Group’s position? The information does not come from an NSO Group professional who does not talk to the media but sort of does. Here’s the word from the NSO Group’s lawyer:

Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.

“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”

I like this. We have the notion of NSO Group doing what it can do to the “best standard.” How many times has this situation faced an outfit in the intelware game, based in Herzliya, and under the scrutiny of an Israeli agency which says yes or no to an export license for a Pegasus type system? Is this a new situation? Might be. If true, what NSO Group does will define the trajectory of intelware going forward, won’t it?

Next, I like the “world leaders” and “human rights compliance.” This line creates opportunities for what I would call Comedy Central comments. I will refrain and just ask you to consider the phrase in the context of the core functions and instrumentality of intelware. (If you want to talk in detail, write benkent2020 at yahoo dot com and one of my team will get back to you with terms and fees. If not, I am retired, so I don’t care.)

Exciting stuff and the NSO Group ice cream melt is getting stickier by the day. And in Herzliya, the temperature is 29 C. “C” is the grade I would assign to this allegedly accurate statement from the article that NSO Group does not talk to the media. Get that story straight is my advice.

And, gentle NPR news professional, why not ask the lawyer about log file retention and access to data in Pegasus by an NSO system administrator?

Stephen E Arnold, July 30, 2021

Digital Kudzu: Constant Gardeners Arrive at the NSO Group Orangerie

July 29, 2021

Is this a line from a motion picture? “Hello, we’re from the government and we’re here to help you.” I can’t remember. But constant gardeners do make visits to places where stuff grows, even in 2021 in the midst of a spike in respiratory diseases and quite toasty 31 C weather with some inclement weather expected.

I read “Israel Begins Investigation into NSO Group Spyware Abuse.” I am never sure about the accuracy of information when the source is one of Jeffrey Epstein’s sources of academic inspiration. (Wasn’t there some fancy wordsmithing about MIT’s interactions with this high water mark of human interaction?) As M. Macron might say, “Petits pois.” So shall we assume that the “Israel Begins…” article is in the capable hands of an honest vendeur de fruits, shall we?

The write up asserts:

The Ministry of Defense did not specify which government agencies were involved in the investigation, but Israeli media previously reported that the foreign ministry, justice ministry, Mossad, and military intelligence were also looking into the company following the report. NSO Group CEO Shalev Hulio confirmed to MIT Technology Review that the visit had taken place but continued the company’s denials that the list published by reporters was linked to Pegasus.

Ah, a coincidence. There are so many in the modern world. Example, you want? Less driving during Covid, more traffic deaths? See coincidence.

The write up notes:

NSO is not the only Israeli hacking company in the news lately. Microsoft and the University of Toronto’s Citizen Lab also recently reported on hacking tools developed by Candiru that were subsequently used to target civil society groups.

Yep, Candiru. But are there other specialized software firms which the Israeli government might call, text, email, or Facetime? I don’t know from nothing because the Epstein-fave MIT “real” journalists did not mention any other firms. Am I to conclude that NSO Group and the Candiru outfit are rare birds, almost one of a kind?

Is it possible that NSO Group’s comments, the government’s alleged visit, and the grousing from the land of a couple of hundred different types of cheese are like the complaints of irritated customers of the orangerie’s delicate comestibles? If you got money, you can buy what the French call fruits mystérieux, right?

Observations:

  1. A visit in itself is surprising in the midst of a surge in Israel.
  2. There are indeed other firms providing specialized services, but these have been fortunate enough or wise enough to remain in the shed at the rear of the orangeries in Herzliya.
  3. The MIT Review is saddled with that Epstein thing; thus, it is difficult to do much more than ask, “Is this the rest of the story?”

Worth watching. Because fruits mystérieux. The care of constant gardeners may be needed. Could it be too late? Could the blight migrate to haricots verts, tomates allongées, and petits avocats?

Avocats? Fruits or conseillers juridiques?

Stephen E Arnold, July 29, 2021

China Squeezes Tech Companies for Love, Not Money

July 29, 2021

China has always kept its tech companies on a short leash, but it has recently been especially vigorous about keeping them under control. The Conversation reports, “Facial Recognition for Gamers, App Store Bans for Didi: What’s Behind China’s Recent Crackdown on Big Tech?” We learn companies that had been getting away with certain infractions for years are suddenly facing regulators’ ire. There is also the recent rebuke of social-media platform Xiaohongshu for enabling “wealth-flaunting” when, apparently, such online immodesty is nothing new. And fresh regulations were swiftly implemented last year that just happened to frustrate Ant Group’s plans to go public after that company’s founder criticized regulators. Oops.

The article takes a special look at DiDi, an Uber clone that achieved its goal of debuting on the New York Stock Exchange. It raised enough to position it as the second-largest US IPO by a Chinese company. (Alibaba ranks first.) Normally that would be a point of pride for China, but regulators responded to the news by pulling it and 25 related apps from China’s app stores. DiDi’s value took a nosedive, and now the company faces a lawsuit by investors. Officials claim the company violated security regulations, but it is suspected China was (understandably) concerned that data on riders might end up in US government hands.

Writer Barney Tan puts these developments in perspective:

“To understand the rationale behind the Chinese government’s recent moves, we must first understand the parallel universe that is China’s technological landscape. In China, technology must never be harnessed solely for an individual or organization’s gain. Social good is always emphasized, as defined and enforced by the Chinese government. DiDi’s listing on the New York Stock Exchange would have undoubtedly fueled the company’s global expansion. But in the eyes of the Chinese government, it could have also hurt the nation’s collective interests. It remains to be seen whether this apparent contradiction can be resolved. China’s collectivist approach to technology consumption is also evident in its regulation of mobile games. … In 2019, the Chinese government imposed a video game curfew on minors, banning them from playing between 10pm and 8am — allegedly to curb gaming addiction. South Korea is the only other country with such a curfew.”

This is where facial recognition comes in. Gaming giant Tencent has been rolling out “Midnight Patrol,” a feature that will use that technology to catch underaged gamers logged in after hours on an adult’s account. The company reports the tool is now part of 60 games with more on the way. Tan continues:

“From a Western point of view, such measures may seem a draconian violation of privacy and freedom. In China, however, they are generally lauded and welcomed. The prevailing view is tech firms may profit commercially from the exploitation of technology, but not at the expense of social good.”

Yes, that is a difficult mindset for many of us to wrap our heads around. Chinese companies understand this, often using different versions of their products for foreign customers. That is why we have TikTok and Chinese citizens have the more restrictive Douyin, for example. To each their own, I suppose, but investors may want to reconsider before plonking down a lot of money on the next big Chinese tech firm’s IPO.

Cynthia Murrell, July 29, 2021

Putin Has Kill Switch

July 26, 2021

“Russia Disconnected Itself from the Global Internet in Tests” shares an intriguing factoid. Mr. Putin can disconnect the country from the potato fields near Estonia to the fecund lands where gulags once bloomed. The write up reports:

State communications regulator Roskomnadzor said the tests were aimed at improving the integrity, stability and security of Russia’s Internet infrastructure…

If a pesky cyber gang shuts down the Moscow subway from Liechtenstein, it’s pull the plug time. The idea is that Russia will not have to look outside of its territory to locate the malefactors. If outfits like Twitter refuse to conform to Russian law, the socially responsible company may lose some of its Russian content creators.

What other countries will be interested in emulating Russia’s action or licensing the technology? I can think of a few. The Splinter Net is starting to gain momentum. Those ideals about information wanting to be free and the value of distributed systems seem out of step with Mr. Putin’s kill switch.

Stephen E Arnold, July 26, 2021

Does Facebook Kill?

July 22, 2021

I found it interesting that the US government suggested that Facebook information kills. You can refresh your knowledge of this assertion in “Biden: COVID Misinformation on Platforms Like Facebook Is ‘Killing People’”. The statement is an attention grabber. Facebook responded, according to Neowin in “Facebook Refutes Biden’s Blame That It’s “Killing People” with COVID Fake News”:

Facebook clearly took issue with these statements and a company spokesperson responded by saying, “We will not be distracted by accusations which aren’t supported by the facts”.

The US government asserts one thing; Facebook another. Which is the correct interpretation of Facebook: An instrument of death or a really great helper of humanity?

The US is a country, and it has legal tools at its disposal. Facebook is a commercial enterprise operating in the US with a single person controlling what the company does.

Facebook wants to use the laws of the country to advantage itself; for example, Facebook is not too keen on Lina Khan. The company filed a legal document to keep that person from getting involved in matters related to Facebook’s commercial behaviors.

I find the situation amusing. Facebook’s assertions are not going to get a like from me. The US government, on the other hand, is a country. When countries take action — as China did with regard to Jack Ma — consequences can be significant.

The phrase “Facebook kills” is meme-able. That may be a persistent problem for the Zuck and the Zuckers in my opinion.

Stephen E Arnold, July 22, 2021

Governments Heavy Handed on Social Media Content

July 21, 2021

In the US, government entities “ask” for data. In other countries, there may be different approaches; for example, having data pushed directly to government data lakes.

Governments around the world are paying a lot more attention to content on Twitter and other social media, we learn from, “Twitter Sees Big Jump in Gov’t Demands to Remove Content of Journalists” at TechCentral. According to data released by the platform, demands increased by 26% in the second half of last year. We wonder how many of these orders involved false information and how many simply contained content governments did not like. That detail is not revealed, but we do learn the 199 journalist and news outlet accounts were verified. The report also does not divulge which countries made the demands or which ones Twitter obliged. We do learn:

“Twitter said in the report that India was now the single largest source of all information requests from governments during the second half of 2020, overtaking the US, which was second in the volume of requests. The company said globally it received over 14,500 requests for information between 1 July and 31 December, and it produced some or all of the information in response to 30% of the requests. Such information requests can include governments or other entities asking for the identities of people tweeting under pseudonyms. Twitter also received more than 38,500 legal demands to take down various content, which was down 9% from the first half of 2020, and said it complied with 29% of the demands. Twitter has been embroiled in several conflicts with countries around the world, most notably India over the government’s new rules aimed at regulating content on social media. Last week, the company said it had hired an interim chief compliance officer in India and would appoint other executives in order to comply with the rules.”

Other platforms are also receiving scrutiny from assorted governments. In response to protests, for example, Cuba has restricted access to Facebook and messaging apps. Also recently, Nigeria banned Twitter altogether and prohibited TV and radio stations from using it as a source of information. Meanwhile, social media companies continue to face scrutiny for the presence of hate speech, false information, and propaganda on their sites. We are reminded CEOs Jack Dorsey of Twitter, Mark Zuckerberg of Facebook, and Sundar Pichai of Google appeared in a hearing before the US congress on misinformation just last March. And most recently, all three platforms had to respond to criticisms over racist attacks against black players on England’s soccer team. Is it just me, or are these problems getting worse instead of better?

Cynthia Murrell, July 21, 2021

China: Prudence or Protectionism?

July 15, 2021

With many countries struggling with cyber breaches, China seems to be implementing procedures. Are these prudent steps or actions designed to enforce protectionist policies? “China Tightens Rules on Foreign IPOs in New Blow to Tech Firms” reports:

China proposed new rules that would require nearly all companies seeking to list in foreign countries to undergo a cybersecurity review, a move that would significantly tighten oversight over its internet giants.

The write up somewhat optimistically suggests that companies seeking to list on a non-US / non-Euro-centric stock exchange will elect to embrace Hong Kong.

Maybe not.

Is the decision to link listing with cyber security a wild and crazy idea, or is China taking a leadership position in cyber prophylaxis?

Worth monitoring this possible move.

Stephen E Arnold, July 15, 2021

Apple Threatens the UK?

July 12, 2021

Apple is a friendly company. It cares about security and privacy. It wants to hobble other technopolies with its user-centric approach to ad tracking. Apple wants the Apple app store to be the bestest place in the world for developers to make their products available (even if some of those products don’t work as advertised) to the Apple customers. There are so many goodnesses associated with Apple, this headline has to be a misunderstanding: “Apple Attorneys Threaten UK Market Exit If Court Orders Unacceptable Patent Fees.”

It seems clear that the word “threat” is a strong one. The notion that “fees” might dissuade a trillion dollar company is puzzling. The write up reports:

Apple’s lawyers have warned the iPhone maker could exit the UK if a court orders it to pay “commercially unacceptable” fees to patent company Optis Cellular over alleged infringement of 3G and 4G patents. Apple is currently involved in a lawsuit with Optis in the United Kingdom, with Apple refusing to pay the firm license fees for patents Optis claims it used in the iPhone and other technologies. In June, a High Court judge ruled that Apple had infringed two of the patents, and therefore Apple should pay fees.

There are some strong words in this paragraph; for example, infringement, refusing, and High Court judge ruled.

Apple?

Yes, and the write up adds:

This is not the only lawsuit involving Optis that Apple is contending with. In August 2020, a Texas federal jury ruled Apple willfully infringed on 4G LTE patents owned by PanOptis and related companies, including Optis, and that it had to pay $506.2 million. In April 2021, a federal judge allowed a retrial to take place, due to there being “serious doubt” about the verdict.

Does this suggest that Apple is unaware of the function of a patent? Does Apple not understand the laws and customs associated with an inventor who holds a patent?

Possibly.

Several observations are warranted:

  • If Apple pulls out of the UK, this might be good news for Samsung, Google, and other vendors of non-Apple mobile phones.
  • The idea of a large company threatening a country and its laws is interesting. It may suggest that Apple is tired of mere nation states interfering with its plans to deliver Apple goodness to more people than ever before.
  • Since Brexit, the UK lacks pull with other Western European countries. As a result, Britain is to blame for this threat.

This is an interesting posture and one that may be little more than saber rattling. On the other hand, no more Facetime in merrie olde Englande may be a reality for an island nation which has faced invaders, pillagers, and cut purses many times. Where is King Arthur when he’s needed? Merlin uses an iPhone I believe.

Stephen E Arnold, July 12, 2021

Want to Cash In on the TikTok AI?

July 8, 2021

If you want to license the artificial intelligence which chainsaws away IQ points, you can. The vendor is a company called BytePlus, and, yes, it is an official source of the TikTok goodness. Just bring cash and leave your concerns about having data from your use of the system and method winging its way to the land that won over Marco Polo.

“ByteDance Starts Selling TikTok’s AI to Other Companies” states (if you pay up to read the original write up in the weird orange newspaper):

BytePlus offers businesses the chance to tap some of TikTok’s secret ingredient: the algorithm that keeps users scrolling by recommending them videos that it thinks they will like. They can use this technology to personalize their apps and services for their customers. Other software on offer includes automated translation of text and speech, real-time video effects and a suite of data analysis and management tools.

Just think: you can hook your prospects on short videos about such compelling subjects as enterprise search, the MBA life, personnel management at Google, and cooking on a burning Tesla Plaid.

Stephen E Arnold, July 8, 2021

Microsoft in Perspective: Forget JEDI. Think Teams Together

July 7, 2021

I received some inputs from assorted colleagues and journalistic wizards regarding JEDI. The “real” news outfit CNBC published “Pentagon Cancels $10 Billion JEDI Cloud Contract That Amazon and Microsoft Were Fighting Over.” The write up stated:

… the Pentagon is launching a new multivendor cloud computing contract.

What caused this costly, high-profile action? Was it the beavering away of the Oracle professionals? Were those maintaining the Bezos bulldozer responsible? Was it clear-thinking consultants who asked, “Wasn’t Microsoft in the spotlight over the SolarWinds’ misstep?” I don’t know.

But let’s put this in perspective. As the JEDI deal was transported to a shelf in a Department of Defense store room at the Orchard Range Training Site in Idaho, there was an important — possibly life changing — announcement from Microsoft. Engadget phrased the technology breakthrough this way: Microsoft Teams Together Mode test lets just two people start a meeting. I learned:

Together Mode uses AI-powered segmentation to put all participants in a meeting in one virtual space.

I assume that this was previously impossible under current technology like a mobile phone, an Apple device with Facetime, Zoom, and a handheld walkie talkie, a CB radio, a ham radio, FreeConference.com, or a frequently sanitized pay phone located in a convenience store parking lot near the McCarran International Airport in Las Vegas.

I have a rhetorical question, “Is it possible to print either the news story about the JEDI termination or the FAQ for Together in the midst of — what’s it called — terror printing, horror hard copy effort — wait! — I have it. It is the condition of PrintNightmare.”

I have to stop writing. My Windows 10 machine wants to reboot for an update.

Stephen E Arnold, July 7, 2021
