Dirty Tricks by State
Ronald Deibert from Citizen Lab on Cyber Surveillance, Digital Subversion, and Transnational Repression https://democracyparadox.com/2022/05/10/ronald-deibert-from-citizen-lab-on-cyber-surveillance-digital-subversion-and-transnational-repression/
Extracts...
a very famous piece in the Journal of Democracy called “Liberation Technology” by Larry Diamond that outlines this thesis and there’s a lot of merit to it. Actually, when you look on the face of it, many, many examples of people using digital technologies do hold governments and private companies accountable, do connect with each other to organize, to mobilize.
But what’s happened over time is the tables have turned. Part of it has to do with the fact that computers and networks, internet networks are two-way streets, if you will. We communicate out, but they also look at us and they are increasingly, especially with social media, designed to monitor us. And generally speaking, the entire ecosystem is insecure and that means that it has become a very convenient tool for those who want to do some sort of malfeasance to use the internet for that purpose. What’s happened is we’ve seen this real explosion of the spread of transnational repression practices tied to digital technologies, because of the way in which the architecture is constructed and how the devices that we carry around with us at all times are highly invasive, but insecure and poorly regulated.
There are a lot of wealthy people in the world. A lot of oligarchs that are flaunting their wealth and using that wealth to circumvent laws to operate in gray areas. Once that sort of becomes acceptable, you can understand how they would be led down a path of contracting out with private investigators.
So, that’s coming from the private sector and then governments, of course, have always had an appetite to spy on adversaries, each other, their own citizens, citizens abroad. It’s just that now they have so many more tools and capabilities and resources that enable them to do this. Like I said before, people are kind of set up to be spied on by default.
the concept of transnational repression
the fact of the matter is governments can intimidate, harass, repress people abroad. They have done it for centuries. You can think of many examples where governments have organized some kind of secret crew to go abroad undercover. Maybe murder somebody abroad. But it takes a lot of effort. It’s very risky. It can easily be exposed. It obviously requires physical proximity. With digital technologies, all of those constraints are removed.
So, digital transnational repression is not only very effective directly. It also has these indirect impacts on people’s psychological state and emotional wellbeing which happens to be the title of our recent report on this topic, “Psychological and Emotional War.” We did an extensive study of transnational repression in Canada and found that people fleeing from abroad to this country were experiencing this new type of control method that’s quite insidious and is transnational in nature.
Since you have access to somebody’s device, it’s not inconceivable that you could plant falsely incriminating information. It would be very difficult to disprove. So, if I hacked your phone and I put on your phone horrible images that are illegal and then called the cops and they grab your phone,o, you know, you can anticipate meetings of people, you can plant falsely incriminating information, you can find out where someone is going and kidnap them or murder them, all sorts of things. It’s very powerful. I think the fact that the market is mostly unregulated, it’s kind of Wild West right now. It’s really daunting to think about those two in combination: extremely powerful technologies in the hands of autocrats, despots, and even democracies as we’re finding out with a report on Spain that we just produced and then very poor regulation. That’s a dangerous combination.
The companies like NSO group claim they only sell it to governments. Let’s take them at their word for now. But even assuming it’s restricted just to governments, that doesn’t give me much solace because there are so many governments in the world that are nasty, brutal, despotic regimes, especially their security agencies in countries where there’s no oversight or whatever. But then on the less technologically sophisticated side of the spectrum, we’ve seen many, many examples of people succumbing to the same problems, but with very simple techniques that trick them.
Seymour Martin Lipset Lecture “Digital Subversion: The Threat to Democracy” by Ronald Deibert
“Subversion Inc: The Age of Private Espionage” by Ronald Deibert in Journal of Democracy
SC-Appointed Pegasus Probe Committee Seeks Responses from Public on 11 Queries https://thewire.in/law/sc-appointed-pegasus-probe-committee-seeks-responses-from-public-on-11-queries The queries pertain to the safeguards in place to check state surveillance, the extent to which state surveillance is justified and seek suggestions on how to strengthen cyber security and balance individual rights with national security interests.
https://pegasus-india-investigation.in/invitation-to-comment/ Link to on-line form to be filed. Questions are
1. Whether the existing boundaries of State surveillance for the purposes of national security, defence of India, maintenance of public order, and prevention and investigation of offences, are well defined and understood? Any other purposes?
2. Whether the procedures and rules .. surveillance are sufficient to effectively prevent unwarranted excessive routine use/misuse;
3. What substantive and procedural safeguards – would you suggest?
3b) How can existing procedures be improved?
4. What should be the grievance redressal mechanism?
5. Should there be special safeguards, in what form, for certain categories of persons?
6. Contexts and extent of State immunity/access for acts of hacking, unauthorised access etc.
6b) Legal mandates to share data with (IT) intermediaries. Data Protection?
7. Should the State be obliged to record or disclose surveillance technology/access? To whom? What form? Should these records be accessible?
8. Practicality and feasibility under the Indian federal constitutional framework.
9. Steps to improve cyber security of the Nation and its assets? Is there a need for a separate authority or organisation to (i) investigate cyber security vulnerabilities for threat assessment relating to cyber-attacks and (ii) to ensure cybersecurity of public and private digital infrastructure?
10. What laws and safeguards should be put in place by the State to protect its citizens from targeted surveillance by non-State/private entities and foreign agencies?
11. Any other suggestion.
Second Israeli company exploited Apple flaw to hack into iPhones – report https://www.timesofisrael.com/second-israeli-company-exploited-apple-flaw-to-hack-into-iphones-report/ 3 February 2022
Quadream’s REIGN spyware said to have used same exploit as NSO Group’s Pegasus, before being patched in September; clients also include Saudi Arabia
Bill Marczak, a security researcher with Citizen Lab, told Reuters that the company’s so-called “zero-click” abilities appeared to be “on par” with NSO’s. Three of the sources said NSO and Quadream’s exploits were similar because they leveraged many of the same vulnerabilities hidden deep inside Apple’s instant messaging platform and used a comparable approach to plant malicious software on targeted devices, in order to gain unauthorized access to data.
"India Bought Pegasus": Spying Scandal Resurfaces After New York Times Report | Reality Check Feb 3, 2022 https://www.youtube.com/watch?v=vdpSfiKkzw8
Pegasus Snooping Scandal: The New York Times reported that the Indian government bought the Pegasus spyware in 2017 as part of a multi-billion-dollar defence deal, reigniting the spying scandal. The opposition is on the warpath, with Congress' Rahul Gandhi accusing the government of treason.
< https://youtu.be/wuK1r7IWwzE >
Transcript India's 2017 Pegasus Deal With Israel Involved Top Intel Leaders https://thewire.in/rights/transcript-india-israel-2017-pegasus-deal-siddharth-varadarajan-ronen-bergman-interview Israeli investigative reporter Ronen Bergman speaks at length about the explosive story he co-authored in the New York Times on the sale of Pegasus spyware around the world, including to India.
Sukla Sen highlights Three takeaways:
I. From the Israeli side, the clinching of the contract (for sale of Pegasus) requires direct involvement of the Prime Minister. That's a strong clue as to what is the level of representation on the Indian side.
II. A. The system sold to India enables it to monitor a number of phones - the maximum number lies somewhere between 10 and 50, concurrently.
B. The capacity is determined/fixed at the time of initial purchase itself and cannot be scaled up later.
C. The contract is renewable (every year or at the end of the term).
D. In the Indian case, it's a multi-year contract.
III. The system has to be installed (onsite) by the NSO engineers. They're to provide periodic maintenance services (onsite). Maybe also assistance to operate in some selected cases.
Extracts (by S. Sen):
(on cost to India) I would say it’s a few dozens of millions… of the $2 billion, the [cost of purchasing] Pegasus in terms of [the] real number is not the majority whatsoever, this is, they were like missiles that are far, far more expensive...
The NSO engineers need to be physically present on-site to install the system, test it, and then from time to time come and do the maintenance. In this case, Indian intelligence service, which was the entity that purchased the Pegasus – the overall connection is also with the involvement of the agency in Israel that is in charge of running secret intelligence and political relationships, which is the Mossad.
It’s not [a] license given by the ministry of defence. The MOD is giving a license to sell Pegasus according to some kind of a breakdown of details and capabilities. But besides that, in the commercial negotiation between NSO and Indian entities or Indian agencies, it’s very important to, and this has a significant impact on the pricing, different kinds of capabilities of the Pegasus, one of them – and most important per bandwidth capability, power and price – is how many licenses are sold. License is the ability to monitor one phone at the concurrent time. And this is … as far as I know, those [which] were sold to India, were I think between – I don’t remember what was the exact number – but it’s between 10 and 50. So each one can, it depends on what was decided, can monitor between 10 phones up to 50 phones.
Other comments:
Ronen Bergman asserted that NSO is now on the verge of extinction, hinting that the tech is out there or that some other entity, corporate, State, or perhaps rogue entity, could make use of this. So the horse's shit would hit the fan, and so some serious work needs to be done to outlaw and prevent this kind of disruption. Nuremberg3.0 is called for. It also became quite clear that it was not a software which could be sold and distributed on a disk. It is engineered from perhaps some base tools and custom-made for each client, contract by contract.
He said that the NSO has perhaps deliberately engineered things in such a way that they don't know the content of the invasion, mainly because their clients themselves would not want it and also because of deniability. True, they have a log of the numbers and the attempts to hack, and they have a front door access based on dual-both sides concurrence for maintenance.
Ronen Bergman: No client of NSO would want a back door, because then they can be a backdoor to a back door. I was impressed that he was following the story right from the inception of NSO and is clear that NSO is near extinction, but the tech lives on. Perhaps large chunks of the tech have already been sold or new corporations set up; perhaps some hackers are already on the job.