NSO Group: Talking and Not Talking Is Quite a Trick

July 30, 2021

I read “A Tech Firm Has Blocked Some Governments from Using Its Spyware over Misuse Claims.” First, let’s consider the headline. If the headline is factual, the message I get is that NSO Group operates one or more servers through which Pegasus traffic flows. Thus, the Pegasus system includes one or more servers which have log files, uptime monitoring, and administrative tools which permit operations like filtering, updating, and the like. Thus, a systems administrator with authorized access to one or a fleet of NSO Group servers supporting Pegasus can do what some system administrators do: Check out what’s shakin’ with the distributed system. Is the headline accurate? I sure don’t know, but the implication of the headline (assuming it is not a Google SEO ploy to snag traffic) is that NSO Group is in a position to know — perhaps in real time via a nifty AWS-type dashboard — who is doing what, when, where, for how long, and other helpful details about which a curious observer finds interesting, noteworthy, or suitable for assessing an upcharge. Money is important in zippy modern online systems in my experience.

My goodness. That headline was inspirational.

What about the write up itself from the real news outfit National Public Radio or NPR, once home to Bob Edwards, who was from Louisville, not far from the shack next to a mine run off pond outside my door. Ah, Louisville, mine drainage, and a person who finds this passage suggestive:

“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”

So the company won’t talk to the media, but does talk to the media, specifically NPR. What do I think about that? Gee, I just don’t know. Perhaps I don’t understand the logic of NSO Group. But I don’t grasp what “unlimited” means when a US wireless provider assures customers that they have unlimited bandwidth. I am just stupid.

Next, I noted:

NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico. The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.

Okay, if the headline is on the beam, then NSO Group, maybe some unnamed Israeli government agencies like the unit issuing export licenses for NSO Group-type software, and possibly some “trusted” third parties are going to prowl through the data about the usage of Pegasus by entities. Some of these agencies may be quite secretive. Imagine the meetings going on in which those in these secret agencies. What will the top dogs in these secret outfits about the risks of having NSO Group’s data sifted, filtered, and processed by Fancy Dan analytics’ systems tell their bosses? Yeah, that will test the efficacy of advanced degrees, political acumen, and possible fear.

And what’s NSO Group’s position. The information does not come from an NSO Group professional who does not talk to the media but sort of does. Here’s the word from the NSO Group’s lawyer:

Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.

“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”

I like this. We have the notion of NSO Group doing what it can do to the “best standard.” How many times has this situation faced an outfit in the intelware game, based in Herliya, and under the scrutiny of an Israeli agency which says yes or no to an export license for a Pegasus type system. Is this a new situation? Might be. If true, what NSO Group does will define the trajectory of intelware going forward, won’t it?

Next, I like the “world leaders” and “Human rights compliance.” This line creates opportunities for some what I would call Comedy Central comments. I will refrain and just ask you to consider the phrase in the context of the core functions and instrumentality of intelware. (If you want to talk in detail, write benkent2020 at yahoo dot com and one of my team will get back to you with terms and fees. If not, I am retired, so I don’t care.)

Exciting stuff and the NSO Group ice cream melt is getting stickier by the day. And in Herzliya, the temperature is 29 C. “C” is the grade I would assign to this  allegedly accurate statement from the article that NSO Group does not talk to the media. Get that story straight is my advice.

And, gentle NPR news professional, why not ask the lawyer about log file retention and access to data in Pegasus by an NSO system administrator?

Stephen E Arnold, July 30, 2021

Does GitHub Data Grab for AI Training Violate Licenses?

July 22, 2021

Programmer Nora Tindall has taken to Twitter to call out Microsoft property GitHub on violating licenses for algorithm training purposes. She shares a screenshot of an exchange she had with GitHub Support that seems to confirm her charge:

[Tindall] I am specifically asking if any code from my GitHub account, most of which is licensed GPL, was used in the training set. It is a simple question.”

[GitHub] Sorry about the delay in getting back to you. I reached out to the team about this. Apparently all public GitHub code was used in training. We don’t distinguish by license type. I hope that answers your question!

It does indeed answer Tindall’s question, and she vows to pursue legal action. Predictably, the post prompted a flurry of comments, so navigate there to read that debate. It seems like the legality of this data usage is nebulous until courts weigh in. We note this exchange:

[Daniel Monte] Is there any precedent for training an AI on copyrighted content being a violation of said copyright?

[Nora Tindall] No, there’s no precedent in any of this. This is the deciding moment for the future of the copyleft ideal, and of free software in general. Maybe for copyright as a whole, actually, since this has applications outside software.

[Laurie] The law on all of this is basically non-existent. And there aren’t enough people who really understand the nuances who are also lawyers. It’s a whole mess which results in companies getting to decide for themselves. Not good.

[Critical Oil Theory Salesman] Hard agree. I’d imagine that we would see a completely different set of legal interpretations if the open source community trained a GPT3 model on Microsoft’s publicly available code.

Perhaps—that would be an interesting experiment. Is Microsoft really ignoring licenses? If not, Twitter is disseminating incorrect information. If yes, then Microsoft has designs on open source information in a way that outfoxes Amazon-type of open source maneuvers. But Microsoft is busy securing its own code and may want to envelope GitHub is the same cyber goodness.

Cynthia Murrell, July 22, 2021

Google and France: Whoa, Will Googlers Put That Trip to Provence on Hold?

July 13, 2021

Many news sources reported that the French government has put a price tag on Google’s content frivolities. The fine is in the neighborhood of $600 million. To put this in perspective, Google generates about $600 million a day in revenue, so no big deal.

CNBC’s “Google Hit with Record $593 Million Fine in France over News Copyright Battle” reports:

Google was ordered to present an offer of remuneration to publishers within two months, or risk facing fines of up to 900,000 euros per day.

From a practical point of view, Google will work out a plan. The plan will be discussed over numerous two-hour lunches, and then revised if warranted. If agreement is not reached, Google will seek redress in an appropriate manner. Google could write a check, threaten Apple-style to pull out of the country, or embrace the fascinating French legal system. Keep in mind that red tape is allegedly an invention of the Spanish has been a favorite method in France for centuries.

I found the Russian viewpoint interesting. “France slaps Google with Biggest Fine Ever of €500 Million for Failing to Comply with Copyright Rules” states:

The US company expressed upset at the French authority’s decision in a statement: “We have acted in good faith during the entire negotiation period. This fine does not reflect the efforts put in place, nor the reality of the use of news content on our platform.” The battle between Google and French publishers, including Agence France-Presse, has been going on since early 2020. Despite Google claiming that it has acted appropriately, French publishers insist that the company has used copyrighted articles and images without fairly paying the original authors under the EU “neighboring rights” rule. In February, Google was forced to pay out $76 million dollars to 121 French news outlets, with $22 million to be paid annually over three years.

The French fine might encourage other European Union entities to take a harder line with regard to what Google has been doing for the last 20 years. If that happens, the fines might consume a week or two of Google’s revenue. This begs the question, “What’s the point?” Either regulators take action that incentivizes different behavior at Google or just use the money, buy a good Beaujolais, rent a super yacht, and cruise to Antarctica to look at the big penguins.

Stephen E Arnold, July 13, 2021

Apple Threatens the UK?

July 12, 2021

Apple is a friendly company. It cares about security and privacy. It wants to hobble other technopolies with its user-centric approach ad tracking. Apple wants the Apple app store to be the bestest place in the world for developers to make their products available (even if some of those products don’t work as advertised) to the Apple customers. There are so many goodnesses associated with Apple, this headline has to be a misunderstanding: “Apple Attorneys Threaten UK Market Exit If Court Orders Unacceptable Patent Fees.”

It seems clear that the word “threat” is a strong one. The notion that “fees” might dissuade a trillion dollar company is puzzling. The write up reports:

Apple’s lawyers have warned the iPhone maker could exit the UK if a court orders it to pay “commercially unacceptable” fees to patent company Optis Cellular over alleged infringement of 3G and 4G patents. Apple is currently involved in a lawsuit with Optis in the United Kingdom, with Apple refusing to pay the firm license fees for patents Optis claims it used in the iPhone and other technologies. In June, a High Court judge ruled that Apple had infringed two of the patents, and therefore Apple should pay fees.

There are some strong words in this paragraph; for example, infringement, refusing, and High Court judge ruled.


Yes, and the write up adds:

This is not the only lawsuit involving Optis that Apple is contending with. In August 2020, a Texas federal jury ruled Apple willfully infringed on 4G LTE patents owned by PanOptis and related companies, including Optis, and that it had to pay $506.2 million. In April 2021, a federal judge allowed a retrial to take place, due to there being “serious doubt” about the verdict.

Does this suggest that Apple is unaware of the function of a patent? Does Apple not understand the laws and customs associated with an inventor who holds a patent?


Several observations are warranted:

  • If Apple pulls out of the UK, this might be good news for Samsung, Google, and other vendors of non-Apple mobile phones.
  • The idea of a large company threatening a country and its laws is interesting. It may suggest that Apple is tired of mere nation states interfering with its plans to deliver Apple goodness to more people than ever before.
  • Since Brexit, the UK lacks pull with other Western European countries. As a result, Britain is to blame for this threat.

This is an interesting posture and one that may be little more than saber rattling. On the other hand, no more Facetime in merrie olde Englande may be a reality for an island nation which has faced invaders, pillagers, and cut purses many times. Where is King Arthur when he’s needed? Merlin uses an iPhone I believe.

Stephen E Arnold, July 12, 2021

Commercial Accidental Censorship: Legal Blogs

July 12, 2021

Printed law journals are going the way of the printed newspaper, and legal blogs are taking their place. Kevin O’Keefe, LexBlog founder and host of Real Lawyers Have Blogs, is concerned that the ephemeral nature of blog posts poses a real problem for the law field. In his succinct post, “Where Will All the Legal Blogs Go?” he notes when a lawyer leaves a firm their posts are usually either deleted or recredited to the firm itself. We learn:

“Courts are more apt to cite blogs than a law review or law journal. As the New York Times has written on a couple occasions, law reviews are becoming largely irrelevant. Citations will lead to broken links. Legal blogs play a significant role in legal research. Lawyers looking for information on a subject turn to Google and find helpful blog posts. Law is for the long term. Lawyers use law from years ago. Law is advanced by dialogue and writing on the law. You eliminate the long term and a useable dialogue and writing on the law, and you have a problem.”

Yes, citations to nowhere are of no use to anyone, and posts credited to a firm rather than an individual become cannot be referenced, cited, or footnoted. The remedy, O’Keefe insists, is that legal blogs be aggregated, archived, and made accessible. Will his fellow legal bloggers listen?

Are Reed Elsevier and Thomson Reuters failing its legal users?

Cynthia Murrell, July 12, 2021

Audacity: Audacious or Not?

July 5, 2021

I found this notice interesting: “Audacity Desktop App.” Audacity is an audio software. One can record a podcast and remove unwanted background noise. It has many other tricks, not the least of which was that it was free and open source. There is an interesting back-and-forth on Reddit about who has rights to Audacity the application, the licenses under which the software has been provided, and nuances about music which elude me.

But there was an interesting passage in the Audacity Web page at this location about the type of data collected by the app and the organization with some ownership and development claims to the Audacity product; to wit:

Data necessary for law enforcement, litigation and authorities’ requests (if any).

My hunch is that music or audio banditos relying on Audacity may react to this explanation of data collected by the software. And for those living in California assuming that its Consumer Privacy Act offers a shield. Audacity says:

The California Consumer Privacy Act (“CCPA”) provides California residents, referred to in the law as “consumers,” with rights to receive certain disclosures regarding the collection, use, and sharing of personal information, as well as rights to access and control personal information. Certain information that we collect may be exempt from the CCPA because it is considered public information (because it is made available by a government entity) or covered by another federal privacy law, such as the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, or the Fair Credit Reporting Act.

What other open source software products, systems, and components will capture interesting information to be able to comply with rules and regulations in the jurisdictions in which the products are “used”?

Stephen E Arnold, July 5, 2021

Restraining Strategic Tech Acquisitions in the EU

June 18, 2021

Anti-big-tech or anti-American? Is there a difference? The Macau News Agency reports, “Germany, France Want to Curb ‘Killer’ Big Tech Deals.” Left out of the headline is the Netherlands, which joins those larger powers in their desire to stop companies like Facebook, Google, and Amazon from making “killer acquisitions.” These are deals in which tech giants snap up budding startups before they can bloom into competitors. We learn:

“EU regulators believe that Facebook’s buyouts of Instagram or WhatsApp, or Google’s purchase of Fitbit, are potential examples of big companies buying out a high-potential startup before it developed into a rival. The EU ministers were discussing the Digital Markets Act, a law being hammered out at European Parliament and among the 27 member states that will take years to come into force. It would create a list of special rules for the handful of big technology companies on how they can operate, including stricter obligations on informing regulators of their buyouts and mergers. At the meeting, EU competition chief Margrethe Vestager insisted that existing rules already offered ways to intervene quickly against such buyouts when they are notified by national authorities. This was the case most recently with Facebook’s acquisition of software provider Kustomer even though that deal is below the EU’s thresholds for notification. The ministers also discussed the Digital Services Act that could force Big Tech into providing more transparency on algorithms and better policing of illegal content.”

The EU currently abides by the country-of-origin principle, wherein the country in which a company’s European operation is based handles enforcement. However, since it feels Ireland bungled the oversight of big tech firms, France suggests the EU re-evaluate that principle. The specific rules it will propose remain to be seen.

Cynthia Murrell, June 18, 2021

Great Moments in PR: Google and France June 2021

June 14, 2021

I am not sure what percentage of Alphabet Google’s annual revenue $268 million represents. My old handheld calculator balks at lots of numbers. I am more of a 00 or 000 kind of old timer. France believes that this figure is fair and appropriate for alleged missteps by the mom and pop online ad company.

I found the article “Google to Improve Ad Practices after Being Slapped with $268 Million Fine” interesting. In fact, I circled in True Blue this passage:

Following the results of this investigation, Google has decided to reach a settlement with the French antitrust authority. As a part of this settlement, the tech giant will have to improve its ad services to offer better interoperability with other platforms, and will also pay a $268 million fine.

Yep, the do better assurance. What was the alleged saying bandied about when Messrs. Brin and Page were roller blading around the Mountain View offices? I think it was this one:

It’s easier to ask forgiveness than it is to get permission.

A slight edit yields:

It’s easier to pay the find than make specific commitments.

Stephen E Arnold, June 14, 2021

The Country Russia and the Company Google: Fair Fight?

May 25, 2021

Sergey Brin’s flight to space did not blast off. Now it seems that Google’s business is mired in a mere nation state’s regulatory bureaucracy. What’s galactic Google to do when a country refuses to be Googley? “Russia Orders Google to Delete Illegal Content or Face Slowdowns” states that Russia’s:

Roskomnadzor internet commission gave the company 24 hours to delete more than 26,000 instances of what it’s classifying as illegal content. If Google doesn’t comply with the order, it could face fines valued at up to 10 percent of its annual revenue, in addition to seeing its services slowed down within the country. The agency has also accused Google of censoring Russian media outlets, including state-owned entities like RT and Sputnik.

Google played a mean game of Boogalah in Australia. I am not sure which combatant triumphed. The upcoming content with the Bear may be more challenging than tossing around a ball covered in kangaroo skin. Hockey and vodka drinking are among the more popular sports in Yakutsk I have heard.

Will Sundar Pichai travel to Russia and perhaps bond with Mr. Putin when he goes camping or horse back riding? I can visualize the two bonding over a camp fire or enjoying a ride about 150 miles northeast of Moscow.

The article explains that Russia has been less than thrilled with some US high technology companies. Furthermore, the country’s government remains squarely focused on earth and has not been willing to kneel before outfits which are galactic.

Getting into a dust up with Russia might be a reason to hire someone to check food deliveries to the Googleplex.

Stephen E Arnold, May 28, 2021

Speak Using Our Words, Or Do Not Speak

May 14, 2021

Google has learned from legal misfortune, both its own and other companies’. That is why, “To Head Off Regulators, Google Makes Certain Words Taboo.” The Next Web post outlines several of the major antitrust investigations the company currently faces at home and abroad. It also describes the role language played in past lawsuits brought against Google and, notably, Microsoft. We learn employees are given specific instructions on their language and other parts of communication both inside and outside the company. Having acquired some internal documents, the journalist known as The Markup writes:

“The taboo words include ‘market,’ ‘barriers to entry,’ and ‘network effects,’ which is when products such as social networks become more valuable as more people use them. ‘Words matter. Especially in antitrust law,’ reads one document titled Five Rules of Thumb for Written Communications. ‘Alphabet gets sued a lot, and we have our fair share of regulatory investigations,’ reads another. ‘Assume every document will become public.’ The internal documents appear to be part of a self-guided training session for a wide range of the company’s more than 100,000 employees, from engineers to salespeople. One document, titled ‘Global Competition Policy,’ says it applies not only to interns and employees but also to temps, vendors, and contractors. The documents explain the basics of antitrust law and caution against loose talk that could have implications for government regulators or private lawsuits. In one of the documents, which appear to be written by the legal team, employees are advised to choose their words carefully and use only third-party data when referencing Google’s ‘position in search’ in sales pitches. They are further cautioned never to print or hand out their slides.”

The documents helpfully suggest alternative words, including “industry,” “space,” “area,” or the name of a region instead of “market;” “valuable to users” rather than “network effects;” and “challenges” instead of “barriers to entry.” Though employees may (mis)use terms innocently, history tells us lawyers and regulators can and will seize upon certain definitions to build their cases. The higher in the company one is, the riskier careless language becomes. Especially sensitive are phrasings that suggest Google dominates any market, intends to “crush” its competition, or makes any choice for its own advantage rather than for the benefit of users. Because, of course, Google would never do that.

Cynthia Murrell, May 14, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta