TIMES.KY

Cayman Islands, Caribbeanand International News
Monday, May 16, 2022

Pegasus is not the problem. The problems are the backdoors, bugs and loopholes in Apple's IOS and Google's Android

Pegasus is not the problem. The problems are the backdoors, bugs and loopholes in Apple's IOS and Google's Android

The important journalistic investigations that exposed mass espionage using Pegasus spyware against political opponents, social activists, senior public servants, business competitors, journalists and masses of innocent people have triggered a global tsunami of criticism. Rightly so: this scandal is a terrorist attack using weapons of mass destruction against democracy and human-rights, worldwide.

Blaming NSO, the maker of Pegasus, or the State of Israel, which allowed and even encouraged the distribution of Pegasus around the world, is easy and it's popular. But this is just shifting the blame from those responsible for the problem, to those who are simply taking advantage of it.

If the amazing information that Edward Snowden revealed to the world left anyone indifferent, perhaps because it showed an attack on the American Constitution by a state body considered quite credible, this time we find that the weapon of mass destruction of human rights is available and accessible to anyone with money, in the free market.

If in the past we did not treat those revelations with the proper level of personal trepidation, today we can all see that the problem is that everything in everyone's phone can be exposed to anyone who is interested. This means it's not only a problem for criminals who have something to hide, but also for each honest citizen who has done nothing wrong. It may seem that it's not a real problem for an innocent citizen with nothing to hide. But it is a real and serious danger for one who has a rich business competitor, or who has an ex-spouse looking for revenge, or is in a divorce process, or is a diligent journalist, or is a campaigning politician, or is a social activist exposing corruption, or is a decent public servant fighting corruption, or is a citizen testifying against the perpetrator of a crime.


Why are we at risk, when we have done nothing wrong and have nothing to hide?


The fact is that all the contents of our phones can be copied remotely without us noticing, despite Google and Apple stating that the operating systems they sold us with the phones were secure. The fact is that anyone equipped with the right software can turn on the camera and phone in our possession and see and hear everything going on around, without us even knowing it. But the most dangerous threat arising from the flawed Google and Apple operating systems is that anyone who can remotely control our phone can also easily incriminate us by planting criminal content onto our phones and reporting us to the police.

Google and Apple have for years been selling us operating systems that leave our phones open to implants not only by law enforcement agencies but also by others with access to commercially-available spyware. This means it is quite easy to implant in your phone, without your knowledge, hundreds of photos and videos that will prove that you are, for example, a pedophile - and then tip off the police about it. In such an instance, you would be immediately arrested, with the clear evidence against you given to the police in your phone, with no one believing that the prohibited content in your phone was not yours, and, in that case, with no respectable lawyer agreeing to defend you. And at the end of it all, when you would be jailed in disgrace, you'd never even know who you should blame.

With the existing back-doors in your mobile phone, anyone can put you in jail. Your estranged partner, your jealous competitor, your bitter ex-, your angry neighbor, or just a bored hacker.

And all this is not because of Pegasus, it’s because Google or Apple sold you a phone with a flawed operating system that allows hackers to criminalize you.

So it's a serious mistake for decent people who have nothing to hide to dismiss the major problem that Google and Apple are responsible for creating in the naiive and erroneous belief that "it's only a problem for criminals who have something to hide".

A waiver of your right to privacy because "a non-criminal has nothing to hide", is exactly like waiving your right to freedom of speech because - on occasion - you have nothing to say.

The fact that you have nothing to hide is not a permission for them to see you naked. Your right not to be exposed naked to others deserve protection even when you are an honest person who has done nothing wrong.

The fact that you do not say anything illegal doesn't mean that you have granted them permission to listen in on you while you're having sex.

So people everywhere who were not formerly worried about the back-doors in their phones - because they had nothing to hide - have now woken up to the fact that their mobile phone can be controlled remotely by Pegasus and many similar tools. To the fact that anyone who doesn’t like you, for whatever reason, can check on every intimate detail of what you are really doing in real-time. And to the awful reality that they have the power to implant a fake life-story on you and criminalize you forever with terrible crimes you never committed.

It should be shockingly crystal-clear to all of us that this machine for the destruction of human rights - and democracy - can be put to immediate, nefarious use by anyone with a modest budget and some interest in spying on or denigrating someone else.

But the problem is not Pegasus, not the entities which make and sell the spyware, and not the country in which it is made and from which it is marketed.

This is squarely the responsibility, and liability, of Google and Apple, not Pegasus. They opened the door to the valuables safe, and welcomed others to come in take advantage of all inside. And for many years they have left the door open.

The real culprits who caused this global calamity are Google and Apple. These are the companies to which we have loyally been paying huge money all these years, buying the shiny illusion they led us to believe that the operating systems they sold us are safe, reliable, and protect our privacy. Their boasting about these critical features has never been true, and for at least seven years now Google and Apple have known that it is their duty to warn all users of their operating systems that they should not be trusted, that they are dangerously vulnerable, full of back-doors, and the information inside our phone is not really private or protected from third party intrusion.

This was the original sin. This was the mass and systematic deception of billions of buyers around the world, who paid good money to make Google and Apple the richest monopolies in the world, while leaving their users the most exposed and vulnerable people in the world.

Google and Apple must now fix the problems that they sold to their customers built-in to the phones that use the vulnerable and insecure Android and IOS operating systems.

Google and Apple must pay whatever it costs to buy Pegasus, to hire their people, to build solutions that rectify the problems.

Over the last 15 years, we - the general public - have given them trillions of dollars to purchase phones that were sold to us as "smart and secure" devices.

Smart they were, secure they were not. Google and Apple have not honored their side of the deal: they left terribly dangerous problems lurking inside our phones; they have exposed billions of us at best to invasion of our privacy and illegal surveillance, and at worst to the risk of us being defrauded or murdered.

They have hundreds of billions of dollars sitting in off-shore accounts (un-taxed of course), which was the premium they got from us in return for their promises that our phones would be safe and secure. They have blatantly broken those promises; so they must remedy the current dangerous defects and protect us from future risk. First off, they can accept responsibility for the damage caused by Pegasus by buying out at full market rates NSO and its competitors, and taking their spying and surveillance cyber-weapons off the market.



Neither NSO nor the State of Israel sold you a phone that has back-doors, bugs and loopholes. Neither NSO nor the State of Israel sold you the illusion that the phone you bought for a huge sum was supposedly safe, secure, encrypted and protected, even though the maker knew full well that it was not.

Undoubtedly, the entities which are legally and morally responsible for enabling the terrifying proliferation of surveillance and spying are Apple and Google themselves. It's not just a moral issue: actually, they are criminally guilty. These top two Tech darlings, not uncoincidentally the world's two richest monopolies, are the ones that sold you the chocolate-covered poisoned fruits. They are the ones who enticed you to trust their very unsafe operating systems; and to store in them your most private secrets, as well as the secrets of your family, your workplace, your customers, and your country.

Yes, NSO is a cyber-arms company which has developed a surveillance system called Pegasus that is indeed made in the State of Israel. Yes, NSO's products are created to do what all the other offensive tools used by all the police forces and armies around the world - including guns, rifles, bombs and grenades - are designed to do: to help in the fight against what they define as serious crime and terrorism.

And yes, it's true that too many bad people who work in the good organizations that usually protect our safety and security have made forbidden and illegal use of NSO's tools. This is because, as we all know, power corrupts, no matter in whose hands it is entrusted, and that absolute power corrupts absolutely. Especially when this absolute power is hidden under the auspices of the law, far away from "sunlight, the very best disinfectant".

The State of Israel is not the only country in which these dangerous offensive weapons are manufactured, and is itself one of the many victims of their destructive power.




It's Karma: What Goes Around...Comes Around:


In Israel, too, they used NSO's Pegasus spyware and other Israeli spyware against their own prime minister, Benjamin Netanyahu, and his family. Ironically, Netanyahu has been NSO's number one salesman. The NSO spyware has also been used against Israel's own defense minister Benny Gantz, against liberal journalists and citizens exposing corruption, against politicians from all sides of Israeli politics, against senior civil servants inside the legal system itself, against judges, against eminent business people, against social activists and justice fighters, against Human Rights Organizations and diplomats, as well as against masses of civilians who were not suspected of committing any crime. (And yes, they also illegally spy on me, though I'm doing nothing wrong.)

To be even-handed, NSO and two other similar systems have been also used by the Israeli Police against a few notable criminals. But these Israeli criminals are smart people who never use "smart" phones anyway, and they have informers inside the police, so spying on them didn't work, obviously.

However, Israel is not the problem. Thus, blaming them is not the solution, even though that's always a popular option.

Likewise, the solution to this serious problem is not by attacking NSO, even though it is the easiest target.

Attacking the two most obvious targets will not deliver a solution, for several reasons:

NSO is not the only company in Israel that manufactures this monstrous and dangerous tool. There are at least ten other such companies in Israel.

Israel is not the only country where these spywares are being developed. There are many American, British, European, Canadian and Australian companies that are developing such intrusive tools.

And of course, if all the Western countries have so many commercial companies developing these digital weapons, then there is no doubt that other countries have similar if not superior developments. Countries that are much more technologically advanced than the West, like China, or countries where programmers are much more talented than their Western equivalents, like Russia and Ukraine, have many more companies and individuals engaged in the manufacture and use of these destructive tools, that are partly essential to public safety and partly illegal and forbidden.

To find the solution, let us turn to where the real problem lies - with Google and Apple. The two Tech Titans have huge reserves of extra, unused and un-taxed money we paid them over the years, and they should use it first to buy out NSO. That is the least they should do, to begin with. Having neutralised NSO, they should then set about correcting the back-doors, loopholes and bugs that they deliberately - and criminally - built into their high-priced "secure" products.

Google and Apple can provide us with all the simple tools to ensure that every user gets real-time notifications every time our battery and internet is used while the phone is turned off. They can easily provide users with full and simple reports about every in/out communication, including the type of content it sends out, and the sending destination of all outgoing traffic, with the ability to block, report and blacklist every spy server destination. They can easily monitor and verify fraudulent links that are sent to us, as well as phone calls that install spyware remotely. They can and must disable any capability for zero touch installation much before the sale of any of their products. Such bugs can be life-threateningly dangerous for at-risk individuals and are unacceptable for the rest of us. They can block the hardware from remotely accessing the camera, the microphone and the storage. They can restore the user's ability to remove the battery from the phone, or at least to have a physical cut-out button where the the user can choose to disconnect.




Google and Apple must give back to us what we thought we bought in the first place.


We should give them the 2-3 days they need to do it, to restore our human right to privacy and security. If they don't comply, we should, in a global class-action, take them to court and hold them accountable for the crimes they - and not NSO - have committed against their own trusted customers. (If we can get a couple of billion outraged customers involved, the compensation payout numbers should be quite interesting.)

The Terms & Conditions promulgated by the two Big Gorillas are not valid anyway, and only a stupid or corrupt judge would consider them legally binding: they're not fair or ethical, and definitely not fit for purpose. A buyer cannot read the T&Cs before he buys, pay,s opens and operates "his" phone so he cannot disagree with them without losing the money he paid for the phone. Even then, the T&Cs are so long, complicated and deliberately opaque that no one can really read and understand them - except perhaps a team of class-action lawyers. T&Cs should be written for the protection of the buyer no less than the seller. The T&Cs should consist of no more then 10 clear, straightforward declarations about safety, privacy, and the liability of the sellers to the buyers. They should not consist of 60 pages of obfuscation and corporate ass-covering. And the T&Cs as well as the operating system itself must alert users that the phone is not designed to store anything that you would not like others to see.

These two giant corporations sold us their poisoned products without a warning, without protection, and - so far - without an antidote, while falsely giving us the illusion that the personal data in our phone is private, safe and secure. It is not. Definitely and deliberately not. They know it. And, over the last 7 years at least, the rest of the world has come to know it. We - that is the global "we' - deserve to have this rectified immediately. Then we need to get from them a commitment to publish T&Cs which are honest, readable, open and ethical; instead of misleading, vague and self-serving.

And finally let's look at a global refund from them, to compensate us for the invasion of our privacy, and the damage that has surely been done to us.




Just imagine:


If Hitler had Pegasus.
If Stalin had Pegasus.
If Pinochet had Pegasus.
If Ceausescu had Pegasus (he's the one who invented it, by the way - but that is for another article).
If Kim Jung-On had Pegasus.
If Saddam Hussein had Pegasus.
If Ayatollah Khomeini had Pegasus.
If Hassan Nasrallah had Pegasus.
If Bin Laden had Pegasus.

But, leaving aside history's nasty players and nightmare scenarios, just imagine who has got hold of Pegasus-type products today? Spyware and surveillance tools that stealthily invade your privacy, courtesy of the back-doors built-in by Apple and Google?

We can be sure that China, Russia, USA, Britain, Germany and France have their own similar digital weapons, and that they are not always used for just reasons. Power always corrupts, and eventually corrupts everybody everywhere.

We have to accept that whatever tools we develop for good reasons will also fall into the hands of the bad guys. That's life. Or that the good guys with their hands on the tools will eventually start to act like bad guys (because absolute power corrupts absolutely).

The road to hell is paved with good intentions; and with good guys who naturally surrendered to common human weakness.

NSO is not the problem. Someone has to do the dirty jobs so the rest of us can stay safe and clean.

Israel is not the problem either. Thanks to the lively free press and determined investigative journalists in Israel (along with international solidarity in the columns of the UK's Guardian), we have finally been awakened to the terrible danger we have in our pockets.

We also have the powerful arguments we need to fire a few retaliatory salvos against Apple and Google to stop them trespassing on our property, trampling on our human rights, and stealing our precious data, all just to satisfy their rapacious greed.

We should thank NSO and the law enforcement agencies who are legally using these tools to help fight the bad guys.

Equally, we should demand accountability and responsibility from Google and Apple for making billions of the good guys - that's us, the regular citizens - vulnerable to an ominous attack on our human right of privacy, and against whatever is left of what we somehow still call "democracy".




* THIS ARTICLE HAS NO COPYRIGHT. FEEL FREE TO COPY & PASTE IT ANYWHERE WITH OR WITHOUT CREDIT.

* I HAVE NO DIRECT OR INDIRECT CONNECTION WITH NSO, I MYSELF, AS A JOURNALIST AND SOCIAL ACTIVIST, AM A VICTIM OF PEGASUS AND TWO OTHER SPYWARES. I DO NOT BLAME NSO. IT'S NOT THEIR FAULT WHAT BAD PEOPLE DO WITH THEIR IMPORTANT PRODUCT.


Newsletter

Related Articles

TIMES.KY
×