If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Since 2001, Ron Deibert has led Citizen Lab, the world's foremost "counterintelligence group for civil society," where they defend human rights activists, journalists and dissidents from the digital weapons deployed by the world's worst autocrats and thugs:
https://citizenlab.ca/
Citizen Lab's work is nothing short of breathtaking. For decades, this tiny, barely resourced group at a Canadian university has gone toe to toe with the world's most powerful cyber arms dealers – and won.
Today, Simon and Schuster publishes Chasing Shadows, Deibert's pulse-pounding, sphinter-tightening true memoir of his battles with the highly secretive industry whose billionaire owners provide mercenary spyware that's used by torturers, murderers and criminals to terrorize their victims:
Mercenary spyware companies are based all over the world, but the global leader in providing these tools is Israel, where the signals intelligence Unit 8200 serves as a breeding ground for startup founders who grow wealthy serving dictators around the world, thanks in part to Israel's lax export standards for cyberweapons.
Most notorious of these companies is the NSO Group, whose Pegasus malware has been deployed by corrupt, narco-affiliated Mexican politicians, murderous Saudi royals, and dictators in Central Asia, Latinamerica, and all around the world.
The NSO Group's founders told their customers that they were invisible, as ethereal as shadows, so their products could be deployed without fear of detection or consequence. At the same time, NSO ran a disinformation campaign for the broader public, insisting that they have the highest ethical standards and closely monitor their products' use to ensure that it is only deployed against terrorists and serious criminals. This latter strategy is backstopped by harassment and intimidation of journalists who investigate this narrative – I have personally been threatened by lawyers retained by the NSO Group.
Diebert and Citizen Lab disprove both of NSO's narratives. Their technical staff developed incredibly clever, subtle methods to detect malware infections all around the world and identify who had been targeted by NSO's products (they were greatly aided in this by farcical blunders in NSO's products).
In so doing, Citizen Lab not only showed that customers for mercenary spyware will someday be discovered – they also thoroughly disproved the company's narrative about its squeaky-clean image and high morals.
Much of Deibert's book is a true-life technothriller recounting the technology, the politics, and the human cost of a largely unregulated industry whose protectors are among the most powerful people in the world.
This book contains many never-revealed revelations from Deibert's distinguished career, like notes from a meeting where Stephen Harper's top spooks and Privy Council officials threatened and intimidated Deibert over Citizen Lab's reports on Saudi Prince Mohammed Bin Salman's use of spyware on Canadian residents.
Deibert also reveals some juicy bits of less consequence, like the fact that it was he who tipped off the BBC's Rory Cellan-Jones that Research In Motion was helping Middle Eastern autocracies and India's far right government spy on dissidents' Blackberry devices, just minutes before RIM co-founder Mike Lazardis was to sit for a televised interview with Cellan-Jones for the BBC's Click. When Cellan-Jones asked Lazaridis about the matter, Lazaridis at first denied it, then demanded that the camera be turned off before halting the interview:
https://www.youtube.com/watch?v=Q6iGe7vuGeQ
But the majority of Deibert's book is a string of horrifying stories of dissidents, activists, journalists, opposition politicians and the people around them having their lives peeled open by companies like NSO Group and their competitors. They run the gamut from multiple, successive presidents of Catalonia to the US-based children of activists agitating for limits to sugary drinks in Mexico.
On the way, Deibert is hounded by all kinds of dirty-tricksters, like the bumbling ex-Mossad spook that Black Cube – whom Harvey Weinstein hired to harass his victims – hired to discredit the organization:
He's also chased by troll armies working on behalf of South American despots, the corrupt Modi government of India, and middle eastern autocrats in the UAE, Saudi Arabia and elsewhere. While most of these trolls are anonymous jerks, a few high-profile serial online harassers-for-hire are singled out by name, their deeds publicly connected for the first time.
Deibert shows the human impact of mercenary spyware: the connection between these companies' products and intimidation, arbitrary detention, punitive rape, torture, and murder – for example, he painstaking lays out the role that the NSO Group's products played in the murder and dismemberment of the US-based journalist Jamal Khashoggi.
This is a dirty business, but it's also a lucrative one. Citizen Lab goes eyeball-to-eyeball and toe-to-toe with farcically wealthy, well-resourced attackers, who've waxed fat by abetting corruption and sadistic greed.
But this isn't mere rage-bait. Deibert's story is an inspiration, both in how it shows how principled, decent, hardworking people can make a difference – Citizen Lab researchers repeatedly discover and burn the vulnerabilities exploited by mercenary spyware, a process Deibert likens to disarming them – but also in the bravery and resilience of the subjects who trust Citizen Lab to analyze their devices, risking everything to come forward and tell their stories.
Citizen Lab is enmeshed in a global, digital community of human rights defenders – a community that wouldn't exist without the internet. Deibert's life's work is to create an internet that is fit for human thriving – and to wrestle control of technology away from the monsters who project their greed and sadism around the world through our devices.
Researchers said the NSO Group had found a vulnerability, which was disclosed Monday, that was used to target the iPhone of a human-rights lawyer in London and perhaps others.
The products of the NSO Group, which operated in secret for years, were found in 2016 as part of a spying campaign on the iPhone of a now-jailed human-rights activist in the United Arab Emirates through undisclosed Apple security vulnerabilities. Since then, the NSO Group’s spyware has been found on the iPhones of journalists, dissidents and even nutritionists.
The company has long advertised that its products are sold to government agencies solely for fighting terrorism and aiding law enforcement investigations.
[...]
The WhatsApp hole was used to target a London lawyer who has been involved in lawsuits that accuse NSO Group of providing tools to hack the phones of Omar Abdulaziz, a Saudi dissident in Canada; a Qatari citizen; and a group of Mexican journalists and activists, the researchers said. The researchers believe the list of targets could be much longer.
Digital attackers could use the vulnerability to insert malicious code and steal data from an Android phone or an iPhone simply by placing a WhatsApp call, even if the victim did not pick up the call. As WhatsApp’s engineers examined the vulnerability, they concluded that it was similar to other tools from the NSO Group, because of its digital footprint.
The lawyer, who spoke on the condition of anonymity because he feared retribution, said he had grown suspicious that his phone had been hacked when he started missing WhatsApp video calls from Swedish telephone numbers at odd hours. The lawyer contacted Citizen Lab at the Munk School of Global Affairs at the University of Toronto, which has helped uncover the use of NSO Group products in attacks on journalists, dissidents and activists.
Ten days ago, as Citizen Lab was looking into the incident, engineers at WhatsApp discovered what they described as abnormal voice calling activity on their systems, said a WhatsApp employee familiar with the investigation, who spoke on the condition of anonymity because the investigation was continuing.
WhatsApp alerted human-rights organizations about the threat and learned from Citizen Lab that the vulnerability had been used to target the lawyer.
This is my dozenth linkdump! The world comes at you fast, and even though I'm writing 4-5 essays a week for this newsletter, many's the week that ends with more stray links than will fit in that format. Here's the previous ones:
https://pluralistic.net/tag/linkdump/
I managed to turn out five posts last week, despite being on tour with my latest novel, The Lost Cause, a hopeful solarpunk novel endorsed by Rebecca Solnit, Bill McKibben and Kim Stanley Robinson. The tour went great – the book's now a national bestseller on the USA Today list! Here's an essay I wrote explaining the structure of the feeling that the book is meant to convey:
This is a climate emergency novel full of rising seas, terrible storms, wildfires and zoonotic plagues, and yet – it is a hopeful novel. What makes it hopeful? It depicts a future in which we are treating these phenomena with the gravitas and urgency they warrant, with our whole society's focus shifting to moving coastal cities inland, weatherizing and solarizing our housing, and creating permanent housing for internal refugees.
While it would be infinitely preferable to live in a world where none of that is necessary, that's not the world we have. This is an sf novel, not a fantasy novel, so all the climate harms we've locked in through decades of expensively procured inaction are present. But the difference between disaster and catastrophe is how and whether we address those harms. Sure, this is a world where superstorms wipe away whole cities and Miami is a drowned mangrove swamp, but it's also a world in which oil executives do not chair UN climate summits or complain that oil companies are being "unjustly vilified":
I write a lot, and it's not just this newsletter. Writing transports me from my anxieties and aches. That's how I came to write nine books during lockdown ("when life gives you SARS, make sarsaparilla"). Lost Cause was one of three books I published in 2023.
I'm going to greet 2024 with another novel, The Bezzle, a sequel to 2023's Red Team Blues, about the hard-charging, high-tech forensic accountant Marty Hench:
The Bezzle is a story about the shitty technology adoption curve – the way that the worst technologies we have are first rolled out on the people least able to complain about them. After these bad technologies have their sharp edges sanded down on the bodies of prisoners, refugees and kids, they move up to blue collar workers and discount store shoppers, and so on, until we're all living under their thumb.
In The Bezzle, a dear friend of Marty finds himself serving a long sentence in a privatized California prison that flips from one private equity fund to the next, each with even worse, more extractive ways to use technology to bleed prisoners and their families dry. You can read the opening scenes in a just-published excerpt on Tor Books's site:
The period immediately before a book's publication is always a tense one, as the first reviews trickle in. Library Journal's Marlene Harris is the first out of the gate, with a spectacular review:
Marty’s reminiscences range from obscure financial machinations to heaping helpings of social commentary but always move the underlying thriller story forward in a backwards heist tale that delivers a righteously satisfying ending to the surprise of both the reader and the villain. This novel, like his previous outing, rides on Marty’s voice. He has a jaundiced view of everything, but he tells it with such style and verve that readers are caught up and ride along on the surface until the shark beneath the water jumps out and bites the villain where it hurts.
I'm headed into Skyboat Media's studios on Monday with @wilwheaton to record the audiobook for this one, directed as ever by the amazing Gabrielle de Cuir. Keep your eyes peeled for a presale crowdfunder in January!
I am often asked how I decide when to present an idea through fiction and when to do so with nonfiction. The answer is a complicated one, and I got into it in some detail on Nature's Working Scientist podcast, in discussion with Paul Shrivastava:
When it comes to politics, fiction and nonfiction are intensely complementary. Nonfiction can convey the data about a social phenomenon, but fiction can convey the meaning of the data. It's one thing to see a chart about inequality, and another to inhabit it through fiction. Marty Hench's narrative adventures are a way into the feeling of living in a corrupt oligarchy.
There are other ways into that feeling, of course. Take Barry Bowen's "Lifestyles of the Blessed & Famous: Preacher Homes Sold in 2023" for The Roys Report:
If a picture is worth a thousand words, then carefully staged realtor drone shots ganked from the Redfin listing for a "pastor"'s $3.5m mansion in Newport Beach is a full-on sermon about the corruption of the Hillsong megachurch:
Narratives and photos are all well and good, but there's always room for some data. The USA's weird breed of federalism and devolved power makes for some very interesting data. Writing for The American Prospect, Paul Starr rounds up several studies evaluating the "natural experiments" created by enacting very different policies in otherwise similar states:
The data is in: conservativism kills. Living in a red state shortens your life expectancy. The redder the state, the worse it is. The bluer the state, the longer you're likely to live:
The exemplars here are Connecticut and Oklahoma, whose life expectancies were at par until they began to diverge in policies. Oklahoma got more conservative, Connecticut got more liberal. Today, the average Oklahoman will pop their clogs at 75.8, while a Connecticutensian can expect 80.7 years.
Different scholars have parsed out different policy outcomes. Giving Medicaid to children, for example, shows benefits for the next 50 years:
Fact-free spiritual beliefs like "an armed society is a polite society" are key to conservative policymaking. Pesky progressives who confuse the issue with relevant facts are playing dirty, pointing out reality's unfair leftist bias.
But after 40 years of neoliberal deference to corporate power, the worm is turning. Somehow, a world on fire, filled with megapastors in megamansions who brief for lethal policies, has finally inspired a global vibe-shift (and not a moment too soon!). One of the most tangible expressions of that shift is the revival of antitrust, which has been in a coma since the Reagan administration.
All over the world – the EU, the UK, Ireland, Australia, and the USA – there are new competition enforcers challenging corporate power in ways that were unthinkable just a few years ago. If I'd written an enforcer like FTC chair Lina Khan in 2010, critics would have slammed me for wish-fulfillment too unrealistic for science fiction.
But today, Khan is taking big swings at corporate power, fighting against a calcified edifice of decades of bad, pro-monopoly precedent. The pro-monopoly press hate her, which is why the WSJ keeps publishing sweaty op-eds insisting that she is wasting her time and that monopolies are good, actually:
But she is still out there, fighting for all of us. After a pro-monopoly judge stymied the FTC's bid to block the rotten Microsoft/Activision merger, Khan re-filed, appealing the decision:
Critics insist that she's on a foolish errand, but Khan is tackling the most promising face of a sheer cliff, and the plainly anticompetitive merger between one of the world's largest console makers (a convicted monopolist!) with one of the world's largest games publishers is the right place to start. If she can get her piton into one of the hairline cracks in that face, her arduous climb gains a solid anchor for the next stage of her assent.
Of course, Khan's highest-profile action is her case against Amazon, the omnipresent, dystopian poster-child for enshittification, a platform we can't avoid, but which is so haphazardly policed that the bestselling bitter lemon energy drink you order might be bottled piss harvested from its immiserated drivers:
In a world of murderous, community-destroying monopolies, Amazon stands out for the sheer number of ways it makes the world worse. Amazon maims its warehouse workers and kills its drivers with impossible quotas. It poisons Black and brown neighborhoods with truck exhaust from its giant depots. It destroys small businesses that sell on its platform. It was part of the studio cabal scheming to destroy actors and writers' livelihoods with unfair contracts and AI. Its audiobook monopoly stole at least $100m from independent authors. It makes goods and services more expensive at every retailer (not just Amazon), and price-gouges on its own storefront:
Keeping that scam going requires a lot of skullduggery. A new set of leaked internal Amazon documents shed some light on how that inedible sausage gets made:
Amazon's "Community Engagement Plan 2024" brags about buying off small-town mayors and astroturf groups in its bid to resist regulations that would limit warehouse delivery van emissions in communities of color (Amazon calls this "philanthropic work"). Coincidentally, that "philanthropy" targeted Perris, a town where residents voted for a warehouse tax to repair the roads that had been trashed by fleets of Amazon vans.
But the real focus of Amazon's "Community Engagement" is California's AB1000, a bill that will limit the construction of supersized, 100k+ sqft warehouses near daycare centers, schools or rec centers. Secondarily, Amazon is hoping to get California to make it easier to advertise alcohol around kids, to "unlock" California's liquor market.
This kind of shameless, mustache-twirling villainry can only go on so long before it meets resistance. One of the longest-running, hardest fought struggles against corporate malfeasance is the farmers' right ro repair fight against John Deere. Deere boobytraps its tractors so that after a farmer repairs a Deere tractor, they have to wait for days, and pay hundreds of dollars, for a Deere technician to come out to the farm and type an unlock code into the tractor's console:
Despite multiple state right-to-repair initiatives and a pending rulemaking from the FTC, Deere is still fucking around. Now, they've found out. US District Court Judge Iain Johnson just handed Deere a scathing, 89-page memo rejecting the company's bid to kill a class action suit brought by its customers:
The memo hearkens back to company founder John Deere, "an innovative farmer and blacksmith who—with his own hands—fundamentally changed the agricultural industry":
Judge Johnson tells Deere's lawyers that the real John Deere "would be deeply disappointed in his namesake corporation," and calls out their lying. You love to see it.
This kind of thing is happening all over the world as policymakers, regulators and lawmakers take aim at corporate power. The Australian government just announced that it would force Apple to open up iOS to alternative browser engines:
This is obscure and technical, but that's why it's so exciting: rather than mumbling broad platitudes about competition and user choice, the Australian Competition and Consumer Commission's regulation targets a critical leverage point where a small change will deliver huge benefits:
While there are many browsers in Apple's App Store, they're all just reskinned versions of Safari, all running on the same core engine, Webkit. Webkit is ancient, undermaintained and feature-poor. Crucially, Webkit does not implement the parts of the HTML5 standard needed for WebApps, which would allow app developers a safe channel to offer apps that don't go through Apple's App Store monopoly chokepoint:
Now, there's a big jump between announcing this kind of regulation and enacting it. As Mark Nottingham points out, Australia's had an "in principle" commitment to enact a privacy regulation for two successive governments, with no actual regulation in sight:
So we can't take these announcements as a sign to declare victory and stand down. The policymakers who announce these proposals deserve our accolades for the announcement and they require our constant vigilance until they make good on their promises.
That's the case in Ireland, where the Coimisiún na Meán has just published a fantastic regulatory proposal for recommendation systems, requiring recommenders to be turned off by default and that recommendations based on "political views, sexuality, religion, ethnicity or health" have to be switched off by default:
It's especially significant that this is coming out of Ireland, a corporate crime haven that has successfully lured the world's tech giants into flying its flag of convenience, with the guarantee of tax evasion and lax regulation:
This rule won't enforce itself. It'll require constant vigilance and pressure. There's plenty of ways to do that on a part-time, voluntary basis, but if this kind of thing enflames you enough to make a career out of it, here's a tenure-track job for an infosec professor at Citizen Lab, fearless slayers of high-tech corporate ogres:
That's all for this week's linkdump. It's time for me to go hole up in my office and wrap presents. When I do, I'll be tuning into the latest Merry Mixmas MP3 of Christmas mashups from DJ Riko:
Riko's Christmas mashups have been part of my holidays for more than two decades now. He's been making them for 22 years! That's a lot of great holiday mashups:
https://www.djriko.com/mixmases.htm
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
Pegasus: In the Israeli authorities the issue of monitoring Kouloglou, "attempted sabotage of the European Parliament"
An urgent request to the Israeli Ministry of Defense calls for the immediate activation of investigative and repressive mechanisms against the NSO Group. Kouloglou announces legal action, denouncing an obvious Greek finger.
Judicial and administrative intervention in Israel is being prompted by Citizen Lab’s recent revelations about the targeting of former MEP and member of the PEGA inquiry…
Paragon'daki Sızıntı: Casus Yazılım Skandalı ve Küresel Etkileri
Fotoğraf, Paragon’da hukuk danışmanı olarak görev yapan bir çalışan tarafından LinkedIn’de paylaşıldı. Görüntüde, arka planda yer alan bir kontrol panelinin hassas teknik bilgiler içerdiğinin fark edilmesi üzerine paylaşım kısa sürede silindi. Ancak görüntü, özellikle X platformunda hızla yayıldı.
Kontrol panelindeki detaylar dikkat çektiSızan fotoğrafta yer alan ekranda şu bilgilere rastlandığı…
Paragon'daki Sızıntı: Casus Yazılım Skandalı ve Küresel Etkileri
Fotoğraf, Paragon’da hukuk danışmanı olarak görev yapan bir çalışan tarafından LinkedIn’de paylaşıldı. Görüntüde, arka planda yer alan bir kontrol panelinin hassas teknik bilgiler içerdiğinin fark edilmesi üzerine paylaşım kısa sürede silindi. Ancak görüntü, özellikle X platformunda hızla yayıldı.
Kontrol panelindeki detaylar dikkat çektiSızan fotoğrafta yer alan ekranda şu bilgilere rastlandığı…
U Tall Me Princin Saudit, E Përgjuan Dhe U Rrah Në Londër: Rrëfimi I Komedianit Që Thotë Se U Hesht Nga Riadi
Për vite me radhë, Ghanem al-Masarir ishte një nga zërat më të dëgjuar satirikë në botën arabe. Nga një apartament modest në Wembley, komediani dhe YouTuber-i me origjinë saudite kishte ndërtuar një audiencë kolosale, duke grumbulluar qindra milionë shikime me video që tallnin dhe kritikonin hapur elitën sunduese të Arabisë Saudite. Por fama e tij nuk solli vetëm popullaritet. Sipas tij, solli…