Missing Signals: Are the Tools or Analysts at Fault?

November 7, 2023

green-dino_thumb_thumbThis essay is the work of a dumb humanoid. No smart software required.

Returning from a trip to DC yesterday, I thought about “signals.” The pilot — a specialist in hit-the-runway-hard landings  — used the word “signals” in his welcome-aboard speech. The word sparked two examples of missing signals. The first is the troubling kinetic activities in the Middle East. The second is the US Army reservist who went on a shooting rampage.


The intelligence analyst says, “I have tools. I have data. I have real time information. I have so many signals. Now which ones are important, accurate, and actionable?” Our intrepid professionals displays the reality of separating the signal from the noise. Scary, right? Time for a Starbuck’s visit.

I know zero about what software and tools, systems and informers, and analytics and smart software the intelligence operators in Israel relied upon. I know even less about what mechanisms were in place when Robert Card killed more than a dozen people.

The Center for Strategic and International Studies published “Experts React: Assessing the Israeli Intelligence and Potential Policy Failure.” The write up stated:

It is incredible that Hamas planned, procured, and financed the attacks of October 7, likely over the course of at least two years, without being detected by Israeli intelligence. The fact that it appears to have done so without U.S. detection is nothing short of astonishing. The attack was complex and expensive.

And one more passage:

The fact that Israeli intelligence, as well as the international intelligence community (specifically the Five Eyes intelligence-sharing network), missed millions of dollars’ worth of procurement, planning, and preparation activities by a known terrorist entity is extremely troubling.

Now let’s shift to the Lewiston Maine shooting. I had saved on my laptop “Six Missed Warning Signs Before the Maine Mass Shooting Explained.” The UK newspaper The Guardian reported:

The information about why, despite the glaring sequence of warning signs that should have prevented him from being able to possess a gun, he was still able to own over a dozen firearms, remains cloudy.

Those “signs” included punching a fellow officer in the US Army Reserve force, spending some time in a mental health facility, family members’ emitting “watch this fellow” statements, vibes about issues from his workplace, and the weapon activity.

On one hand, Israel had intelligence inputs from just about every imaginable high-value source from people and software. On the other hand, in a small town the only signal that was not emitted by Mr. Card was buying a billboard and posting a message saying, “Do not invite Mr. Card to a church social.”

As the plane droned at 1973 speeds toward the flyover state of Kentucky, I jotted down several thoughts. Like or not, here these ruminations are:

  1. Despite the baloney about identifying signals and determining which are important and which are not, existing systems and methods failed bigly. The proof? Dead people. Subsequent floundering.
  2. The mechanisms in place to deliver on point, significant information do not work. Perhaps it is the hustle bustle of everyday life? Perhaps it is that humans are not very good at figuring out what’s important and what’s unimportant. The proof? Dead people. Constant news releases about the next big thing in open source intelligence analysis. Get real. This stuff failed at the scale of SBF’s machinations.
  3. The uninformed pontifications of cyber security marketers, the bureaucratic chatter flowing from assorted government agencies, and the cloud of unknowing when the signals are as subtle as the foghorn on cruise ship with a passenger overboard. Hello, hello, the basic analysis processes don’t work. A WeWork investor’s thought processes were more on point than the output of reporting systems in use in Maine and Israel.

After the aircraft did the thump-and-bump landing, I was able to walk away. That’s more than I can say for the victims of analysis, investigation, and information processing methods in use where moose roam free and where intelware is crafted and sold like canned beans at TraderJoe’s.

Less baloney and more awareness that talking about advanced information methods is a heck of a lot easier than delivering actual signal analysis.

Stephen E Arnold, November 7, 2023


Traveling to France? On a Watch List?

August 25, 2023

The capacity for surveillance has been lurking in our devices all along, of course. Now, reports Azerbaijan’s Azernews, “French Police Can Secretly Activate Phone Cameras, Microphones, and GPS to Spy on Citizens.” The authority to remotely activate devices was part of a larger justice reform bill recently passed. Officials insist, though, this authority will not be used willy-nilly:

“A judge must approve the use of the powers, and the recently amended bill forbids use against journalists, lawyers, and other ‘sensitive professions.’ The measure is also meant to limit use to serious cases, and only for a maximum of six months. Geolocation would be limited to crimes that are punishable by at least five years in prison.”

Surely, law enforcement would never push those limits. Apparently the Orwellian comparisons are evident even to officials, since Justice Minister Éric Dupond-Moretti preemptively batted them away. Nevertheless, we learn:

“French digital rights advocacy group, La Quadrature du Net, has raised serious concerns over infringements of fundamental liberties, and has argued that the bill violates the ‘right to security, right to a private life and to private correspondence’ and ‘the right to come and go freely.’ … The legislation comes as concerns about government device surveillance are growing. There’s been a backlash against NSO Group, whose Pegasus spyware has allegedly been misused to spy on dissidents, activists, and even politicians. The French bill is more focused, but civil liberties advocates are still alarmed at the potential for abuse. The digital rights group La Quadrature du Net has pointed out the potential for abuse, noting that remote access may depend on security vulnerabilities. Police would be exploiting security holes instead of telling manufacturers how to patch those holes, La Quadrature says.”

Smartphones, laptops, vehicles, and any other connected devices are all fair game under the new law. But only if one has filed the proper paperwork, we are sure. Nevertheless, progress.

Cynthia Murrell, August 25, 2023

NSO Group: How Easy Are Mobile Hacks?

April 25, 2023

I am at the 2023 US National Cyber Crime Conference, and I have been asked, “What companies offer NSO-type mobile phone capabilities?” My answer is, “Quite a few.” Will I name these companies in a free blog post? Sure, just call us at 1-800-YOU-WISH.

A more interesting question is, “Why is Israel-based NSO Group the pointy end of a three meter stick aimed at mobile devices?” (To get some public information about newly recognized NSO Group (Pegasus) tricks, navigate to “Triple Threat. NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains.” I would point out that the reference to Access Now is interesting, and a crime analyst may find a few minutes examining what the organization does, its “meetings,” and its hosting services time well spent. Will I provide that information in a free blog post. Please, call the 800 number listed above.)

Now let’s consider the question regarding the productivity of the NSO technical team.

First, Israel’s defense establishment contains many bright people and a world-class training program. What happens when you take well educated people, the threat of war without warning, and an outstanding in-service instructional set up? The answer is, “Ideas get converted into exercises. Exercises become test code. Test code gets revised. And the functional software becomes weaponized.”

Second, the “in our foxhole” mentality extends once trained military specialists leave the formal service and enter the commercial world. As a result, individuals who studied, worked, and in some cases, fought together set up companies. These individuals are a bit like beavers. Beavers do what beavers do. Some of these firms replicate functionality similar to that developed under the government’s watch and sell those products. Please, note, that NSO Group is an exception of sorts. Some of the “insights” originated when the founders were repairing mobile phones. The idea, however, is the same. Learning, testing, deploying, and the hiring individuals with specialized training by the Israeli government. Keep in mind the “in my foxhole” notion, please.

Third, directly or indirectly important firms in Israel or, in some cases, government-assisted development programs provide: [a] Money, [b] meet up opportunities like “tech fests” in Tel Aviv, and [c] suggestions about whom to hire, partner with, consult with, or be aware of.

Do these conditions exist in other countries? In my experience, to some degree this approach to mobile technology exploits does. There are important differences. If you want to know what these are, you know the answer. Buzz that 800 number.

My point is that the expertise, insights, systems, and methods of what the media calls “the NSO Group” have diffused. As a result, there are more choices than ever before when it comes to exploiting mobile devices.

Where’s Apple? Where’s Google? Where’s Samsung? The firms, in my opinion, are in reactive mode, and, in some cases, they don’t know what they don’t know.

Stephen E Arnold, April 25, 2023

Accidental News: There Is a Google of the Dark Web.

August 2, 2022

Yesterday one of the research team was playing the YouTube version of TWIT which is Silicon Valley acronym speak for “This Week in Tech.” The program is hosted by a former TV personality and features “experts”. The experts discuss major news events. The August 1, 2022 (captured on July 31, 2022) has the title “The Barn Has Left the Horse — CHIPS Act, Earnings Week, FTC Sues Meta, Twitter Blue Price Hike.” The “experts” fielding questions and allegedly insightful observations by Mr. LaPorte can be viewed at this link. The “experts” on the “great panel” for this program included:

In the midst of recycled information and summaries of assorted viewpoints, there was what I thought was information warranting a bit more attention. You can watch and hear what Dan Patterson says at 2:22:30. A bit of context: Mr. Patterson announced that he is the Editorial Director at Cybersixgill, [supplemental links appear below my name at the foot of this blog post] a firm named after a shark and with, until now, a very low profile. I think the outfit is based in Tel Aviv and it, as I recall, provides what I call specialized software and services to government entities. A few other firms in this particular market space are NSO Group and Voyager Labs, among other. Rightly or wrongly, I think of Herliya as the nerve center for certain types of sophisticated intercept, surveillance, analytic, and stealth systems. Thus, “low profile” is necessary. Once the functionality of an NSO Group-type system becomes known, then the knock on effect is to put Candiru-type firms in the spotlight too. (Other fish swimming unseen in the digital ocean have inspired names like “FinFisher,” “Candiru,” and “Sixgill.”)

So what’s the big news? A CBS technology reported quitting is no big deal. A technology reporter who joins a commercial software and services firm is not a headline maker either.

This is, in my opinion, a pretty remarkable assertion, and I think it should be noted. Mr. Patterson was asked by Mr. LaPorte, “So CyberSixgill is a threat intelligence…” Mr. Patterson added some verbal filler with a thank you and some body movement. Then this…

CyberSixgill is like a Google for the Dark Web.

That’s an interesting comparison because outfits like Kagi and Neva emphasize how different they are from Google. Like Facebook, Google appears to on the path to becoming an icon for generating cash, wild and crazy decisions, and an emblem of distrust.

Mr. Patterson then said:

I don’t want to log roll…. I joined the threat detection company because their technology is really interesting. It really mines the Dark Web and provides a portal into it in ways that are really fascinating.

Several observations:

  1. Mr. Patterson’s simile caught my attention. (I suppose it is better than saying, “My employer is like an old school AT&T surveillance operation in 1941.”
  2. Mr. Patterson’s obvious discomfort when talking about CyberSixgill indicates that he has not yet crafted the “editorial message” for CyberSixgill.
  3. With the heightened scrutiny of firm’s with specialized software causing outfits like Citizens Lab in Toronto to vibrate with excitement and the Brennan Center somewhat gleefully making available Voyager Labs’s information, marketing a company like CyberSixgill may be a challenge. These specialized software companies have to be visible to government procurement officers but not too visible to other sectors.

Net net: For specialized software and services firms in Israel, Zurich, Tyson’s Corner, and elsewhere, NSO Group’s visibility puts specialized software and services company on the horns of a dilemma: Visible but not too visible. These companies cannot make PR and marketing missteps. Using the tag line from a “real” journalist’s lips like “a Google for the Dark Web” is to me news which Mr. LaPorte and the other members of the panel should have noticed. They did not. There you go: “Like a Google for the Dark Web”. That’s something of interest to me and perhaps a few other people.

Stephen E Arnold, August 2, 2022


1 “Sixgill” is the blunt nose “six gill” shark, hexnchoid (Hexanchus griseus). It is big and also called the cow shark by fish aficionados. The shark itself can be eaten.

2 The company’s product is explained at https://www.cybersixgill.com/products/portal/. One “product” is a cloud service which delivers “exclusive access to closed underground sources with the most comprehensive, automated collection from the deep and dark Web. The investigative portal delivers the threat intel security teams need: Real time context and actionable alerts along with the ability to conduct cover investigations.” Mr. Patterson may want to include in his list of work tasks some rewriting of this passage. “Covert investigations,” “closed underground sources,” and “automated collection” attract some attention.

3 The company’s blog provides some interesting information to those interested in specific investigative procedures; for example, “Use Case Blog: Threat Monitoring & Hunting.” I noted the word “hunting.”

4 The company received a fresh injection of funding from CrowdStrike, Elron Ventures, OurCrowd, and Sonae. According to CyberGestion, the firm’s total funding as of May 2022 is about $55 million US.

5 The Dark Web, according to my research team, is getting smaller. Thus, what does “deep web”? The term is undefined on the cited CyberSixgill page. “Like Google” suggests more than 35 billion Web pages in its public index. Is this what CyberSixgill offers?

Surprise: NSO Group Pegasus Is in the News Again

July 28, 2022

On July 27, 2022, the winger wonder Pegasus cast a shadow over the desks of the House Intelligence Committee. The flapping of the mythical creatures wings could not be stilled. Gavel pounding, heavy breathing from lobbyists in the gallery, and convoluted statements by elected leaders did not cause the beastie to fly away. Nope. Pegasus with its NSO Group logo branded on its comely haunch was present. Even mythical creatures can leave behind a mess.

And it appears as if the mess is semi-permanent and odiferous.

We’re Likely Only Seeing the Tip of the Iceberg of Pegasus Spyware Use Against the US” states:

US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. This, of course, is the now-infamous malware that its developer, Israel’s NSO Group, claims is only sold to legitimate government agencies — not private companies or individuals. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission.

I like the Hotel Rawanda reference. Younger elected officials may not know much about intelware, but they definitely know about the motion picture in my opinion. Hutus Tutsis and a big box office. A target of Pegasus. Credibility? Yep.

The hearings continue of July 28, 2022. According to the article:

Schiff called NSO’s software and similar eavesdropping tools “a threat to Americans,” and pointed to news reports from last year about cellphones belonging to US diplomats in Uganda being compromised by Pegasus. It is my belief that we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors,” Schiff said.

Google — the go to source for objective information — is allegedly tracking 30 firms “that sell exploits or surveillance capabilities to government-backed groups.

Just 30? Interesting, but, hey, Google knows surveillance cold I suppose.

A handful of observations:

  1. NSO Group’s Pegasus continues to capture attention like a Kentucky Derby winner which allegedly has banned substances rubbed on its belly. Some of those rub ons have a powerful scent. Even a boozy race track veterinarian can wince when checking a specific thoroughbred’s nether region.
  2. The knock on effect of NSO Group’s alleged management oversight means that scrutiny of intelware companies is going to spotlight the founders, funders, and stakeholders. I think this is like a deer standing on railroad tracks mesmerized by the bright white light heading down the rails at 60 miles per hour. In the train versus deer competitions in the past, trains hold a decided advantage.
  3. Individual companies in the specialized software business face an uncertain future.

How uncertain?

Regulations and bans seem to be on the menus in a number of countries. Also, there are a finite number of big dollar contracts for specialized software and smaller firms are going to have to get big fast, sell out to a larger company with multiple lines of law enforcement, defense, and intelligence revenue, or find a way to market without marketing “too well.”

And the “too well”?

Since NSO Group’s spotlight appearances, smaller intelware companies have had to be very careful abut their sales and marketing activities. Why? There are reporters from big time newspapers nosing around for information. There are online podcasts which have guests who talk about what specialized software can do, where the data originate, and how a “food chain” of information providers provide high value information. There are the tireless contributors of Twitter’s #OSINT threads who offer sometimes dumb and less frequently high-value nuggets about specialized services vendors. Finally, there are the marketers at specialized services firms themselves who use email blasts to tout their latest breakthroughs. Other small specialized software vendors prowl the niche law enforcement and intelligence conferences in search of sales leads. In some cases, there are more marketers than there are individuals who can license a data set, an analytics package, or the whole enchilada needed to monitor — how shall I phrase it — comprehensively. These energetic marketers learn that their employer becomes a journalist’s subject of interest.

Net net: When I reflect on the golden years of specialized software and services marketing, testing, and deploying, I have one hypotheses: NSO Group’s visibility has changed the game. There will be losers and a very few big winners. Who could have foreseen specialized software and services working like a bet on the baccarat tables in Monaco? Who anticipated NSO Group-type technology becoming “personal” to the US? I sure did not. The light at the end of the tunnel, once the train clears the deer, is that the discipline of “marketing without marketing too much” may become mainstream in France, Germany, Israel, Switzerland, and the US. I hear that train a-comin’ do you?

Stephen E Arnold, July 28, 2022

Academics Can Predict Crime: What about Close Enough for Horseshoes Accuracy?

July 6, 2022

I have no phat phaux phrench bulldog in this upcoming academic free-for-all. I read “Algorithm Predicts Crime a Week in Advance, But Reveals Bias in Police Response.” Yellow lights flash.

The article is a summary of a longer research paper published by wizards at the University of Chicago, an outstanding institution located in a safe, well-lit, and community-oriented area of Chicago. Home of the Bears and once the literal stomping grounds of the P Stone Nation.  (And, Yes, I am intentionally leaving part of the gang’s name out of my reference. Feel free to use the full gang name yourself.)

The write up says:

Data and social scientists from the University of Chicago have developed a new algorithm that forecasts crime by learning patterns in time and geographic locations from public data on violent and property crimes. The model can predict future crimes one week in advance with about 90% accuracy.

Predicting crime a week before the incident or incidents sounds like an application of predictive analytics. I think there was an outfit which started at Indiana University which came up with something similar. That system attracted some attention and some skepticism.

But humans are curious and applying mathematical recipes to available data is for some an interesting way to pursue grants, publicity, and maybe some start up funding.

But 90 percent. That begs the question, “What about that other 10 percent?” How low does the model go for acceptable outputs? Maybe 60 percent confidence? Maybe lower?

The write up continues:

Previous efforts at crime prediction often use an epidemic or seismic approach, where crime is depicted as emerging in “hotspots” that spread to surrounding areas. These tools miss out on the complex social environment of cities, however, and don’t consider the relationship between crime and the effects of police enforcement.

I know I have mentioned Banjo (now SafeX AI) and the firm’s patents. Some of these patent documents provide useful summaries of some of the algorithms used in predictive models. What’s strikes me as  important about math-centric outputs is that methods are useful — up to a point. I have a canned lecture which identifies the 10 most used mathy methods and identifies how the data sets going in can be poisoned by an intentional actor. The culprit can be smart software generating data in the manner of AI synthetic data systems or by humans working for a government funded entity in St. Petersburg, Russia.

However, there have been a few high hurdles predictive systems have to jump over in a clean, fluid manner; for instance:

  • Identifying and filtering certain data. Bad data can have a significant impact of the outputs. My recollection is that analysis of a predictive system in California revealed wide variation in the collection of data and the consistency of the data from both humans and automated sources
  • Refining actionable outputs. Some of these outputs are often wide of the mark. This means that scarce resources may be deployed on a wild goose chase or investigation of actors who are not “bad” or involved in an incident
  • Real time not correlating with the past. Numerous contextual issues arise in real time, and predictive systems operate in what I call a time disconnected mode. For those on the pointy end of the stick, this time variance can create a situation in which the predictive outputs are not just a few degrees off center, they are orbiting around a beach club in Bermuda.

If you want to read the entire academic “we have cracked this problem” article, navigate to this link. You will have to pay to read this remarkable article.

Stephen E Arnold, July 6, 2022

AT&T Innovation: I Thought Banjo Anticipated This Functionality

May 11, 2022

I read “AT&T Will Use Phone Location Data to Route 911 Calls to the Right Responders.” I thought that Banjo (now SafeXai) described a similar function. I thought I read a Banjo patent or two referencing the firm’s systems and methods. Despite this historical thought, I noted this statement in the article:

The company says it’ll be the first US carrier to “quickly and more accurately identify where a wireless 911 call is coming from using device GPS and hybrid information.” That’ll allow it to route the call to the correct 911 call center (public safety answering point or PSAP) which can then “dispatch first responders to the right location faster…

Banjo changed its name, but before its management shift, the company filed and obtained a number of forward-leaning patents. I recall that one of them provided a useful shopping list of off-the-shelf technologies used in smart software.  If anyone is curious, the Banjo patents referencing what I think is a similar notion include US10585724, “Notifying entities of relevant events”, US10582343, “Validating and supplementing emergency call information,” and several others. I recall reading patents held by AT&T which reference this capability. I wonder how many firms can use mobile data to provide useful services to first responders, law enforcement, and intelligence entities. Once a system and method are disclosed, individuals can replicate or exploit some systems.

Collecting data via an app’s software is made more useful with real-time data from other collection points. The value of cross-correlation of data is quite high. I find it interesting that basic LE and intel methods continue to poke their nose through the heavy cloud cover over certain interesting systems and methods. I do long for the days when certain information was secret and kept that way.

Stephen E Arnold, May 11, 2022

NSO Group Knock On: More Attention Directed at Voyager Labs?

April 12, 2022

Not many people know about Voyager Labs, its different businesses, or its work for some government entities. From my point of view, that’s how intelware and policeware vendors should conduct themselves. Since the NSO Group’s missteps have fired up everyone from big newspaper journalists to college professors, the once low profile world of specialized software and services has come to center stage. Unfortunately most of the firms providing these once secret specialized functions are, unlike Tallulah Bankhead, ill prepared for the rigors of questions about chain smoking and a sporty life style. Israeli companies in the specialized software and services business are definitely not equipped for criticism, exposure, questioning by non military types. A degree in journalism or law is interesting, but it is the camaraderie of a military unit which is important. To be fair, this “certain blindness” can be fatal. Will NSO Group be able to survive? I don’t know. What I do know is that anyone in the intelware or policeware game has to be darned careful. The steely gaze, the hardened demeanor, and the “we know more than you do” does not play well with an intrepid reporter investigating the cozy world of secretive conferences, briefings at government hoe downs, or probing into private companies which amass user data from third-party sources for reselling to government agencies hither and yon.

Change happened.

I read “On the Internet, No One Knows You’re a Cop.” The author of the article is Albert Fox-Cahn, the founder and director of STOP. Guess what the acronym means? Give up. The answer is: The Surveillance Technology Oversight Project.

Where does this outfit hang its baseball cap with a faded New York Yankees’ emblem? Give up. The New York University Urban Justice Center. Mr. Fox-Cahn is legal type, and he has some helpers; for example, fledgling legal eagles. (A baby legal eagle is technically eaglets or is it eaglettes. I profess ignorance.) This is not a Lone Ranger operation, and I have a hunch that others at NYU can be enjoined to pitch in for the STOP endeavor. If there is one thing college types have it is an almost endless supply of students who want “experience.” Then there is the thrill of the hunt. Eagles, as you know, have been known to snatch a retired humanoid’s poodle for sustenance. Do legal eagles enjoy the thrill of the kill, or are they following some protein’s chemical make up?

The write up states:

Increasingly, internet surveillance is operating under our consent, as police harness new software platforms to deploy networks of fake accounts, tricking the public into giving up what few privacy protections the law affords. The police can see far beyond what we know is public on these platforms, peaking behind the curtains at what we mean to show and say only to those closest to us. But none of us know these requests come from police, none of us truly consent to this new, invasive form of state surveillance, but this “consent” is enough for the law, enough for the courts, and enough to have our private conversations used against us in a court of law.

Yeah, but use of public data is legal. Never mind, I hear an inner voice speaking for the STOP professionals.

The article then trots through the issues sitting on top of a stack of reports about actions that trouble STOP; to wit, use of fake social media accounts. The idea is to gin up a fake name and operate as a sock puppet. I want to point out that this method is often helpful in certain types of investigations. I won’t list the types.

The write up then describes Voyager Labs’ specialized software and services this way:

Voyager Labs claims to perceive people’s motives and identify those “most engaged in their hearts” about their ideologies. As part of their marketing materials, they touted retrospective analysis they claimed could have predicted criminal activity before it took place based on social media monitoring.

Voyager Labs’ information was disclosed after the Los Angeles government responded to a Brennan Center Freedom of Information Act request. If you are not familiar with these documents, you can locate at this link which I verified on April 9, 2022. Note that there are 10,000 pages of LA info, so plan on spending some time to locate the information of interest. If you want more information about Voyager Labs, navigate to the company’s Web site.

Net net: Which is the next intelware or policeware company to be analyzed by real news outfits and college professors? I don’t know, but the revelations do not make me happy. The knock on from the NSO Group’s missteps are not diminishing. It appears that there will be more revelations. From my point of view, these analyses provide bad actors with a road map of potholes. The bad actors become more informed, and government entities find their law enforcement and investigative efforts are dulled.

Stephen E Arnold, April 12, 2022

Some Cellebrite Customers Revealed

March 11, 2022

This headline from Apple Insider should not be surprising, but it is bound to shock some individuals: “Most US Cabinet Departments Have Bought Cellebrite iPhone Hacking Tool.” The Intercept reported that fourteen out of the fifteen US Cabinet Departments purchased Cellebrite, technology designed to unlock Apple iOS.

Cellebrite is a common tool law enforcement, government agencies, military personnel and bad actors use to unlock iPhones. It is globally used. All of the major US Cabinet Departments, sans one, are not the only government entities that use Cellebrite:

“The Intercept claims that Federal purchasing records and Cellebrite securities documents seen by the publication, also show that several other federal agencies. Government buyers of Cellebrite include:

  • Centers for Disease Control and Prevention
  • Department of Agriculture
  • Department of Education
  • Department of Veterans Affairs
  • Housing and Urban Development
  • Social Security Administration
  • US Agency for International Development
  • US Fish and Wildlife Service

In those securities filings, the Cellebrite company reported having over 2,800 government customers in North America.”

Cellebrite has other major clients, including six out of the ten largest oil refiners and six out of then largest pharmaceutical companies. Cellebrite is a tool used by those with money and power. The bigger question is if the so-called “good guys” are using it for good or if they use Cellebrite in the same manner as the bad actors.

Whitney Grace, March 11, 2022

Clearview Aims to Collect Every Face, and More

March 4, 2022

Chances are, Clearview already has a record of your face. In fact, reports Silicon Republic, “Clearview AI Plans to Put Almost Every Human Face in its Database.” At least that is what it has told its investors, according to documents obtained by The Washington Post. Writer Leigh Mc Gowran reports:

“Clearview AI, which describes itself as ‘the world’s largest facial network’, has built a database that currently holds more than 10bn ‘publicly available facial images’ taken from the web. It works with customers such as law enforcement agencies to compare facial data against its database. The US-based company has said this database is the ‘largest known of its kind in its industry’. A financial presentation the company created last December goes further than this publicly available statement. In this document, Clearview claimed it already has 11 times more facial recognition data than any government or non-government entity today. The facial recognition company claimed to be ‘achieving rapid international expansion’. It said it has more than 3,000 security and law enforcement customers in the US, including the FBI and ICE, according to documents shared by Washington Post tech reporter Drew Harwell on Twitter. … Clearview’s technology roadmap goes even further, with plans to develop services such as licence plate recognition, movement tracking and contactless fingerprint recognition. Last month, Clearview AI announced that it was awarded a US patent for a facial recognition capability that performed ‘nearly flawlessly’ in vendor tests.”

It sounds like the company is on a roll. All this despite increased regulatory pressure in several countries. The ACLU and authorities in Australia, Canada, and the UK have all taken action of one sort or another against the company. Meanwhile, mass biometric surveillance in general is being challenged in the EU. A couple companies have reversed course on the technology—Meta (formerly known as Facebook) pledged to delete the facial recognition data it had collected, and IBM promised to jettison its facial recognition and analysis software. For those firms, however, creepy AI was just part of the mix. Such software is Clearview’s entire game, and it seems determined to forge ahead with no regard for attempts to rein it in.

Cynthia Murrell, March 4, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta