Tuesday, Oct 04, 2022

NSO’s Pegasus is not the problem. The problem is the backdoor in IOS and Android.

NSO sells its spyware software services to countries which buy most of their military weapons from the massive arms industries of the liberal Western democracies, such as the United States, UK, France and Germany.

My dear Guardian friends, It is hugely hypocritical to claim that it is wrong to sell spyware to the security forces of these countries, when your country is busy selling them weapons to kill their opponents, not just to spy on them.
The orchestrated criticism against NSO is based on very little knowledge, and driven much less by good intentions.

The latest shocker in the Pegasus spyware case has pointed to President Emmanuel Macron as the target of a massive data leak after his phone number was found amongst 14 world leaders’ listed as “people of interest” by NSO Group.

As reported by The Guardian, the spyware made and licensed by NSO has been used in both attempted and successful hacks of smartphones belonging to journalists, government officials, human rights activists, diplomats, military chiefs and senior politicians from 34 countries.

Nothing in my following words below is to say that this is acceptable. It is not.

As a journalist, social activist and software expert with 40 years experience worldwide, I also am a victim of Pegasus and similar surveillance software. However, I am not angry with Pegasus for providing spyware to the corrupt officials who spied on me (though I am for them for draining my batteries so fast). At least by spying on me they found out that I was doing nothing wrong.

Instead, I feel betrayed by Apple, Google and Microsoft for allowing Pegasus and many similar backdoor programs to run for so many years against so many innocent and good people.

NSO are loyal to their law enforcement customers.
Apple, Google, Samsung and Microsoft are not.

They are not loyal to us, their customers. We pay them billions of dollars to sell us devices that we can trust. And what they give us instead is devices that no one should trust.

Spying on the cell phones of journalists and social activists by abusing the power of laws is a crime against the society.

The practice of smartphone manufacturers, such as Google, Apple and Samsung, to implant backdoors that allow Western investigative bodies to conduct massive and improper spying on innocent people is much more problematic, and much less legal nor constitutional.

Pegasus is a service-based software that allows law enforcement agencies to crack down on criminals, terrorists. Carrying out the war on serious crime is of course not just the need of countries whose democracy is as perfect as we mistakenly think ours is . Every country has its criminals, and law enforcement agencies that must fight against it, effectively.

Fighting serious crime effectively is not only the right of the perfect countries that never publish in their news outlets human rights violations in their own territories (while happily and systematically pointing their “clean” fingers at other’s wrong-doings).

Fighting serious crime effectively is also the duty of countries that have not succeeded in hiding from the public their problematic records of human rights violations as the western countries does.

Every law enforcement agency in every country, democratic or not, has to fight against organized crime, drug trafficking and terrorists operating in their territory. NSO's business is to provide software that helps the law enforcement agencies to do exactly that.

And yes, we can assume that this digital weapon is not only used against the bad guys but sometimes abused against good guys. Not only in countries with bad human rights reputations, but everywhere. That’s life.

When I was the victim of the spyware, I didn't care because I'd done nothing wrong and I was glad that anyone who doubted it had a chance to be sure of, but Pegasus still bothered me greatly because its activity drained the batteries on my phone too quickly.

The need to fight serious crime by hacking into the phones of drug smugglers, terrorists and human traffickers is a necessary evil. Every country allows its good guys to fight the bad guys by giving them effective tools, some of which enable them to abuse the individual rights of the suspects. And yes, sometimes - if not always and everywhere - power corrupts, and when this is such an absolute power, it corrupts absolutely.

So it is true that law enforcement agencies around the world sometimes also make improper and excessive use against whistleblowers and social activists who expose crimes of the government against citizens. Power corrupts.

Western countries have done and still doing it against brave people who expose corruption and war crimes like Edward Snowden and Julian Assange, who have exposed massive governmental crimes against humanity, and are punished for making the world a better place.

Other countries do just the same as USA and UK against their own Edward Snowdens and Julian Assanges, whether it be Alexei Navalny in Russia, Jamal Khashoggi in Saudi Arabia or Roman Protasevich in Belarus. None of the above are criminals regardless the fake charges against them. More accurately they and their peers are heros, victims of a corrupted rule of law.

The abuse that legal authorities and officials sometimes make by misusing tools the law gave them, does not eliminate the need for all of us that the good guys will continue to fight criminals effectively. The corruption that is endemic in the legal system is a price every society must pay. When we assign power to some people there is no other outcome possible than that sooner or later power will corrupt. Not for all of those people. Not always. But everywhere, all the time.

The intrusions on our privacy and human rights are comprehensive. Remote hacking into phones and computers, copying all information and passwords, locating the phone holder at every given moment, remotely turning on the camera and microphone without the phone owner's awareness, deleting all information, or even planting fake information that the device owner is not even aware of. All made possible by built-in backdoors in every IOS, Android, Windows and Linux device, that can be easily used by free, or $100 available software and tools, manufactured all over the world, and available to anyone with appropriate technical skills.

You do not have to be a member of a law enforcement agency or governmental authority to remotely hack into the cell phone of anyone who has a mobile phone or computer or smart TV. There is an app for that. Not one, but many. Not officially, and not only on the dark web, but also in AppStore and Google Play.

The difference between NSO's Pegasus and the dozens of similar software available on the Web in general and on the Dark Web in particular, is that Pegasus is sold as a service, with strict Terms of Use, to law enforcement agencies in various countries around the world. NSO has the right to stop their customers from using the software at anytime NSO discovers it has been misused to violate human rights (as it has reportedly done, against 7 countries in the past). NSO's check and balance protocol does not exist in other available hacking tools.

So the problem is not the hacking tools, but that Google, Apple and Microsoft have failed to protect us all.

It’s happening everywhere, not only in “bad countries”.

But every country, including countries with problematic records of human rights violations, still has the right and need to enforce the law against its criminals.

It would be better for us if the supplier of the hacking tools were publicly-listed, or a visible, above-the -radar company such as NSO. It is better that the hacking tools provider is subject to the control and supervision of a strict export-licensing system just like the Pegasus software.

If the supplier is not NSO, it might easily be a software manufacturer from Russia or China. After all, professional Chinese and Russian programmers are few levels above Silicon Valley’s.

So we had better be careful when we declare war against companies that help our law enforcement agencies fight against crime. We might win that particular war and remove the ability of our law enforcement to win their fight.

The good news is that NSO may soon become a publicly-listed company. That will enhance the current checks and balances they are subject to anyway in their country by their national regulators, and add to it a less friendly eyes such as the American regulators.

But the bottom line is that we should not be complaining that Pegasus is making money by selling back doors that Apple and Google and Microsoft have so egregiously failed to protect us from. Despite all the trillions of dollars we paid them to do so.

Related Articles