Surveillance State

See Big Tech, especially Googlag and Facebook, part of the burgeoning Surveillance State of inseparably allied Big Tech/Big Government (ChiComs and the Five Eyes) big data privacy mining.

Spy. You Spy. Only The Lawyers Win. And Googlag-Facebook-Twitter-Amazon-Microsoft-Apple elitists

WhatsApp (Facebook) alleges in a lawsuit just filed that a surveillance (aka spy) company exploited a vulnerability and inserted spyware into the WhatsApp app and was using it to spy on hundreds of human rights activists, journalists and lawyers.

The spyware, known as Pegasus, gives the attacker complete control over a phone’s functions without the victim’s knowledge or use. The victim doesn’t even need to accept a phone call or send or receive a message.

The fact that the end-to-end encryption that WhatsApp uses prevents casual observers from viewing the message in a meaningful natural language has always been a challenge for government intelligence agencies when they have a legitimate, national security interest in learning what two bad guys are saying to each other.

These intelligence agencies have previously called for technology companies to build backdoor access that only they can use to view users’ conversations. Refusal of the tech industry to capitulate has led to a multi-million-dollar market for companies like the defendant who sell spyware and exploit kits to government agencies who lack the legal or technical capability to create their own.

While most of the surveillance companies have recently introduced politically correct human rights protections (whatever that means) into their software, they also are able to plead plausible deniability through a defense that treads somewhere against the guardrails of lacking oversight into the targets of their spyware once their product is in the field.

Whether or not the spy firm is found guilty and held liable for spying on these targets, the issue raises serious questions about the private espionage industry as a whole. The most challenging among them is whether private companies can be trusted to ensure their digital weapons don’t end up in the wrong hands? And if so, what are the mechanisms to prove the trust?

The first part is obviously easy to answer. Our own top spymasters at the NSA vividly demonstrated that risk by the creation and subsequent failure to protect EternalBlue, which was stolen by the Shadow Brokers in 2017 and used to execute the now globally infamous WannaCry ransomware attack, which crippled thousands of computers around the world.

If Facebook should prevail in the lawsuit, the resulting waves will completely change the rules around weaponizing this class of malware, and we will see multiplying lawsuits against governments whose cyber-tools have been stolen, and then leaked into the dark web and used in cyber-attacks against special interest targets.

A simple scenario under which a targeted entity could capture the malware for re-use would be to set up a honey-pot on a readied device, recover the code and reverse engineer the exploit as well as the exploit code itself. This is not unlike recovering an unexploded enemy weapon on your own property and re-using it against a new target belonging to an adversary.

One other troubling question that arises from all this is whether states should be allowed to use commercial third parties to do the dirty work that the state actors are unable to do through a lack of capability, or not allowed to do by law.

Facebook’s lawsuit accuses the defendant of violating the Computer Fraud and Abuse Act (CFAA), a law that is usually used to punish hackers for cybersecurity attacks. The CFAA was enacted in 1986 as an amendment to the first federal computer fraud law to address hacking.

Over the years, it has been amended several times to cover a broad range of conduct far beyond its original intent. The CFAA prohibits intentionally accessing a computer without authorization or in excess of authorization but fails to define what “without authorization” means. With harsh penalty schemes and malleable provisions, it has become a tool ripe for abuse and use against nearly every aspect of computer activity.

This lawsuit may present an opportunity for many who oppose the CFAA to re-craft a replacement, so some definable good may come out of this regardless of the specific outcome for Facebook or the NSO Group.

The suit also pits an industry experiencing a severe bout of existential techlash against it by people who associate tech companies with what is wrong with society against an industry sporting a long list of ethical issues, secrecy obsessions, complaints and negative public opinion itself.

Here’s two bad actors. Choose your least favorite.

While legal experts caution Facebook that their use of the CFAA law is problematic, a courtroom win for the giant social media monster would be welcome news on the PR front as it continually battles an image problem over its draconian misinformation and disinformation policies.

Facebook’s problems aside, this case resurfaces the nastier complexities of the cybersecurity business and forces us to ask the questions nobody wants to answer. If it were up to John Kerry, we’d all look the other way, go skiing in France and hope nothing too bad happens. If on the other hand, it became John Bolton’s call, we’d all be working for the NSA.

The only winners here are the lawyers.

And also the biggest winners are the autistic authoritarian busybody elitists of Googlag-Facebook-Twitter-Amazon-Microsoft-Apple.

Fair Use Source:

A surveillance state is a country where the government engages in pervasive surveillance of large numbers of its citizens and visitors. Such widespread surveillance is usually justified as being necessary to prevent crime or terrorism, but may also be used to stifle criticism of and opposition to the government.

Examples of early surveillance states include the former Soviet Union and the former East Germany, which had a large network of informers and an advanced technology base in computing and spy-camera technology.<ref>Manuel Castells, (August 2009), ''The Rise of the Network Society'', 2nd edition, Wiley Blackwell, ISBN 978-1-4051-9686-4. Retrieved 23 September 2013.</ref> But these states did not have today's technologies for mass surveillance, such as the use of databases and pattern recognition software to cross-correlate information obtained by wire tapping, including speech recognition and telecommunications traffic analysis, monitoring of financial transactions, automatic number plate recognition, the tracking of the position of mobile telephones, and facial recognition systems and the like which recognize people by their appearance, gait, etc.

Many advanced nation-states have implemented laws that partially protect citizens from unwarranted intrusion - such as the Data Protection Act 1998 in the United Kingdom, and laws that require a formal warrant before private data may be gathered by a government.

Electronic police state

An electronic police state is a state in which the government aggressively uses electronic technologies to record, collect, store, organize, analyze, search, and distribute information about its citizens.<ref>The first use of the term “electronic police state” was likely in a posting by Jim Davis (11 August 1994), "Police Checkpoints on the Information Highway", Computer underground Digest, Volume 6 : Issue 72 (14 August 1994), ISSN 1004-042X, “The so-called 'electronic frontier' is quickly turning into an electronic police state.”</ref><ref name=EPS-2008NationalRankings>The term “electronic police state” became more widely known with the publication of ''The Electronic Police State: 2008 National Rankings'', by Jonathan Logan, Cryptohippie USA.</ref> Electronic police states also engage in mass government surveillance of landline and cellular telephone traffic, mail, email, web surfing, Internet searches, radio, and other forms of electronic communication as well as widespread use of video surveillance. The information is usually collected in secret.

Electronic police states may be either dictatorial or democratic. The crucial elements are not politically based; so long as the government can afford the technology and the populace will permit it to be used, an electronic police state can form. The continual use of electronic mass surveillance can result in constant low-level fear within the population, which can lead to self-censorship and exerts a powerful coercive force upon the populace.<ref name=“Applications of Social Control Theory: Criminality and Governmentality”>Kingsley Ufuoma OMOYIBO, Ogaga Ayemo OBARO (2012), “Applications of Social Control Theory: Criminality and Governmentality”, International Journal of Asian Social Science, Vol. 2, No. 7, pp.1026-1032.</ref>

Seventeen factors for judging the development of an electronic police state were suggested in The Electronic Police State: 2008 National Rankings:<ref name=EPS-2008NationalRankings/>

  • Daily documents: Requirement for the use and tracking of state-issued identity documents and registration.
  • Border and travel control: Inspections at borders, searching computers and cell phones, demanding decryption of data, and tracking travel within as well as to and from a country.
  • Financial tracking: A state’s ability to record and search financial transactions: checks, credit cards, wires, etc.
  • Gag orders: Restrictions on and criminal penalties for the disclosure of the existence of state surveillance programs.
  • Anti-crypto laws: Outlawing or restricting cryptography and/or privacy enhancing technologies.
  • Lack of constitutional protections: A lack of constitutional privacy protections or the routine overriding of such protections.
  • Data storage: The ability of the state to store the data gathered.
  • Data search: The ability to organize and search the data gathered.
  • Data retention requirements: Laws that require Internet and other service providers to save detailed records of their customers’ Internet usage for a minimum period of time.
    • Telephone data retention requirements: Laws that require telephone companies to record and save records of their customers’ telephone usage.
    • Cell phone data retention requirements: Laws that require cellular telephone companies to record and save records of their customers’ usage and location.
  • Medical records: Government access to the records of medical service providers.
  • Enforcement: The state’s ability to use force to seize anyone they want, whenever they want.
  • Lack of habeas corpus: Lack of a right for a person under arrest to be brought before a judge or into court in a timely fashion or the overriding of such rights.
  • Lack of a police-intel barrier: The lack of a barrier between police organizations and intelligence organizations, or the overriding of such barriers.
  • Covert hacking: State operatives collecting, removing, or adding digital evidence to/from private computers without permission or the knowledge of the computers' owners.
  • Loose or no warrants: Arrests or searches made without warrants or without careful examination and review of police statements and justifications by a truly independent judge or other third-party.

The list includes factors that apply to other forms of police states, such as the use of identity documents and police enforcement, but goes considerably beyond them and emphasizes the use of technology to gather and process the information collected.

surveillance_state.txt · Last modified: 2020/03/12 18:41 (external edit)