Tag: Surveillance

  • NSA whistleblower Edward Snowden warns Apple program that scans iPhones for child porn will ultimately be used to spy on iPhone owners

    NSA whistleblower Edward Snowden has issued a chilling warning about Apple’s plans to begin scanning photos of users, saying the proposal will give governments terrifying access to citizens’ private data.

    Snowden, a former computer intelligence consultant, who in 2013 leaked classified documents to show the scale of government snooping on U.S. citizens, condemned the new plans in strong terms, and says they set a precedent which will ultimately be abused by corrupt politicians to destroy individual privacy.

    He said that Apple had chosen a dangerous path with their scheme to access users’ photos, and that governments will manipulate the rule to give them greater access to data they claim they need access to – such as a phone owner’s presence at a protest.

    The Silicon Valley giant will scan all photos linked from iPhones to the Cloud for child pornography – with images cross-checked against a database from the National Center for Missing and Exploited Children.

    Apple say that any users who do not want their phones to be scanned can switch off the linkage to the Cloud. But many people do not realize their phones are synching with the Cloud – and Snowden said 85 per cent of iPhone users have their phones set up to synch to the Cloud.

    He also warned that Apple’s initial opt-out will inevitably be axed if its plans go ahead, meaning people’s phones will ultimately be the property of corporations and governments, and used to spy on their owners.

    The update was announced at the beginning of this month, and Apple said the latest changes will roll out this year as part of updates to its operating software for iPhones, Macs and Apple Watches.

    It marks a sea change for the company, which has long prided itself – and promoted itself – as a bastion of privacy protection in a world of increasing surveillance.

    Apple was one of the first major companies to embrace ‘end-to-end’ encryption, in which messages are scrambled so that only their senders and recipients can read them. Law enforcement, however, has long pressured the company for access to that information in order to investigate crimes such as terrorism or child sexual exploitation.

    Snowden, 38, who has lived in Russia since leaking the classified information, said that Apple was opening Pandora’s Box.

    ‘If Apple demonstrates the capability and willingness to continuously, remotely search every phone for evidence of one particular type of crime, these are questions for which they will have no answer,’ he warned.

    ‘And yet an answer will come – and it will come from the worst lawmakers of the worst governments.

    ‘This is not a slippery slope. It’s a cliff.’

    Tim Cook, the CEO of Apple, has long prided himself on his company pushing back against government demands to hand over data from people’s phones. Snowden insists that Apple’s new decision will end that protection.

    Snowden said that Apple’s proposal would make it simple for governments to clamp down on their citizens.

    ‘What happens when a party in India demands they start scanning for memes associated with a separatist movement?’ he wrote, on his newsletter.

    ‘What happens when the UK demands they scan for a library of terrorist imagery?

    The company insist that ordinary people’s photos will not be singled out, but Snowden is unconvinced.

    ‘How long do we have left before the iPhone in your pocket begins quietly filing reports about encountering ‘extremist’ political material, or about your presence at a ‘civil disturbance’?’

    Snowden said that Apple was setting out ‘to erase the boundary dividing which devices work for you, and which devices work for them.’

    He added: ‘Once the precedent has been set that it is fit and proper for even a ‘pro-privacy’ company like Apple to make products that betray their users and owners, Apple itself will lose all control over how that precedent is applied.’

    He pointed out that pedophiles would immediately disable the settings, which showed that rooting out sex offenders was not the real purpose of the new scheme.

    ‘As long as you keep that material off their servers, and so keep Apple out of the headlines, Apple doesn’t care,’ he said.

    ‘Apple’s new system, regardless of how anyone tries to justify it, will permanently redefine what belongs to you, and what belongs to them.’

  • Apple To Scan U.S iPhones For Images Of Child Pornography

    Apple unveiled plans to scan U.S. iPhones for images of child sexual abuse, drawing applause from child protection groups but raising concern among some security researchers that the system could be misused by governments looking to surveil their citizens.

    Apple said its messaging app will use on-device machine learning to warn about sensitive content without making private communications readable by the company. The tool Apple calls “neuralMatch” will detect known images of child sexual abuse without decrypting people’s messages. If it finds a match, the image will be reviewed by a human who can notify law enforcement if necessary.

    But researchers say the tool could be put to other purposes such as government surveillance of dissidents or protesters.

    Matthew Green of Johns Hopkins, a top cryptography researcher, was concerned that it could be used to frame innocent people by sending them harmless but malicious images designed to appear as matches for child porn, fooling Apple’s algorithm and alerting law enforcement — essentially framing people. “Researchers have been able to do this pretty easily,” he said.

    Tech companies including Microsoft, Google, Facebook and others have for years been sharing “hash lists” of known images of child sexual abuse. Apple has also been scanning user files stored in its iCloud service, which is not as securely encrypted as its messages, for such images.

    Some say this technology could leave the company vulnerable to political pressure in authoritarian states such as China. “What happens when the Chinese government says, ‘Here is a list of files that we want you to scan for,’” Green said. “Does Apple say no? I hope they say no, but their technology won’t say no.”

    The company has been under pressure from governments and law enforcement to allow for surveillance of encrypted data. Coming up with the security measures required Apple to perform a delicate balancing act between cracking down on the exploitation of children while keeping its high-profile commitment to protecting the privacy of its users.

    Apple believes it pulled off that feat with technology that it developed in consultation with several prominent cryptographers, including Stanford University professor Dan Boneh, whose work in the field has won a Turing Award, often called technology’s version of the Nobel Prize.

    The computer scientist who more than a decade ago invented PhotoDNA, the technology used by law enforcement to identify child pornography online, acknowledged the potential for abuse of Apple’s system but said it was far outweighed by the imperative of battling child sexual abuse.

    “Is it possible? Of course. But is it something that I’m concerned about? No,” said Hany Farid, a researcher at the University of California at Berkeley, who argues that plenty of other programs designed to secure devices from various threats haven’t seen “this type of mission creep.” For example, WhatsApp provides users with end-to-end encryption to protect their privacy, but employs a system for detecting malware and warning users not to click on harmful links.

    Apple was one of the first major companies to embrace “end-to-end” encryption, in which messages are scrambled so that only their senders and recipients can read them. Law enforcement, however, has long pressured for access to that information in order to investigate crimes such as terrorism or child sexual exploitation.

    “Apple’s expanded protection for children is a game changer,” John Clark, the president and CEO of the National Center for Missing and Exploited Children, said in a statement. “With so many people using Apple products, these new safety measures have lifesaving potential for children who are being enticed online and whose horrific images are being circulated in child sexual abuse material.”

    Julia Cordua, the CEO of Thorn, said that Apple’s technology balances “the need for privacy with digital safety for children.” Thorn, a nonprofit founded by Demi Moore and Ashton Kutcher, uses technology to help protect children from sexual abuse by identifying victims and working with tech platforms.

  • Israel’s NSO Pegasus Spyware International Weapon Used By Horrific Regimes To Silence Critics

    On March 2, 2017, Mexican journalist Cecilio Pineda took out his mobile phone and in a Facebook live broadcast spoke about alleged collusion between state and local police and the leader of a drug cartel. Two hours later, he was dead – shot at least six times by two men on a motorcycle.

    It was a few weeks later that Forbidden Stories – a global network of journalists engaged in investigations – confirmed that not just Pineda, but also the state prosecutor who investigated the case, Xavier Olea Pelaez, were the targets of Israel’s Pegasus spyware in the weeks and months before his murder.

    Pineda’s phone was also never found, as it had disappeared from the crime scene by the time the authorities had arrived.

    Two weeks after Washington Post columnist Jamal Khashoggi was killed in the Saudi Consulate in Istanbul, Turkey in October 2018, the digital rights organization Citizen Lab reported that a close friend of Khashoggi, Omar Abdulaziz, had been targeted with Pegasus software developed by NSO Group Technologies — an Israeli technology firm.

    New revelations from Forbidden Stories and its partners have found that Pegasus spyware was successfully installed on the mobile phone of Khashoggi’s fiancée, Hatice Cengiz, just four days after his murder. The phone of Khashoggi’s son, Abdullah, was selected as a target of an NSO client based on the consortium’s analysis of the leaked data.

    Overall, the phones of 180 journalists around the world are claimed to have been selected as targets by clients of NSO Group Technologies. Its spyware Pegasus enables the remote surveillance of smartphones.

    Forbidden Stories, which conducted investigations along with Amnesty International’s Security Lab, found that the phones of many politicians, civil society activists and even judges were being monitored in many countries, breaching privacy laws.

    According to Forbidden Stories, they had access to a leak of more than 50,000 records of phone numbers belonging to journalists, politicians, officials, activists and even judges that NSO clients had selected for surveillance.

    Forensic analysis

    The forensic analyses of their phones – conducted by Amnesty International’s Security Lab and peer-reviewed by the Canadian organization Citizen Lab – were able to confirm infection or attempted infection with NSO Group’s spyware in 85% of cases.

    “The numbers vividly show the abuse is widespread, placing journalists’ lives, those of their families and associates in danger, undermining freedom of the press and shutting down critical media,” said Agnes Callamard, secretary-general of Amnesty International.

    NSO Group, in a written response to Forbidden Stories, said the consortium’s reporting was based on “wrong assumptions” and “uncorroborated theories” and reiterated that the company was on a “life-saving mission”.

    “The alleged amount of leaked data of more than 50,000 phone numbers cannot be a list of numbers targeted by governments using Pegasus,” it added.

    NSO Group maintains that its technology is used exclusively by intelligence agencies to track criminals and terrorists. According to NSO Group’s Transparency and Responsibility report released in June this year, the company has 60 clients in 40 countries around the world.

    Pegasus “is not a mass surveillance technology and only collects data from the mobile devices of specific individuals suspected to be involved in serious crime and terror,” NSO Group wrote in the report.

    In India, the phone of Paranjoy Guha Thakurta, an investigative journalist and author of several books, was hacked in 2018.

    Quoting Thakurta, Forbidden Stories said he was targeted when he was working on an investigation into the finances of the famous Ambani business group.

    “The purpose of getting into my phone and looking at who are the people I’m speaking to would be to find out who are the individuals who have been providing information to me and my colleagues,” he said.

    Thakurta is one of at least 40 Indian journalists selected as targets of an NSO client in India, based on the consortium’s analysis of the leaked data.

    The phones of two of the three cofounders of the independent online news outlet The Wire – Siddharth Varadarajan and MK Venu – were both infected by Pegasus, with Venu’s phone hacked as recently as July.

    Top journalists targeted

    Several other journalists who work for or have contributed to the independent news outlet The Wire – including columnist Prem Shankar Jha, investigative reporter Rohini Singh, diplomatic editor Devirupa Mitra and contributor Swati Chaturvedi – were all selected as targets, according to the records accessed by Forbidden Stories and its partners.

    “It was alarming to see so many names of people linked to The Wire, but then there are lots of people not linked to the Wire,” said Varadarajan, whose phone was compromised in 2018.

    Addressing parliament on Monday, Information Technology Minister Ashwini Vaishnaw said there is “no substance behind this sensational” claim and that “with checks and balances in place, illegal surveillance [is] not possible.”

    “A highly sensational story was published by a web portal last night. Many over-the-top allegations [were] made around this story. The press reports appeared a day before [the] monsoon session of parliament. This can’t be a coincidence,” he said.

    He described these revelations as an attempt to malign Indian democracy.

    The Committee to Protect Journalists (CPJ) had previously documented 38 cases of spyware – developed by software companies in four countries – used against journalists in nine countries since 2011.

    How does Pegasus work?

    Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation (EFF), was one of the first security researchers to identify and document cyber-attacks against journalists and human rights defenders in Mexico, Vietnam and elsewhere in the early 2010s.

    “Back in 2011, you would receive an email, and the email would go to your computer, and the malware would be designed to install itself on your computer,” she said.

    But the installation of Pegasus spyware on smartphones has become subtler. Instead of the target having to click on a link to install the spyware, so-called “zero-click” exploits allow the client to take control of the phone without any engagement on the part of the target.

    Once successfully installed on the phone, Pegasus spyware gives NSO clients complete device access and thereby the ability to bypass even encrypted messaging apps like Signal, WhatsApp and Telegram. Pegasus can be activated at will until the device is shut off. As soon as it’s powered back on, the phone can be reinfected.

    According to Galperin, Pegasus operators can remotely record audio and video, extract data from messaging apps, use the GPS for location tracking and recover passwords and authentication keys, among other things.

    Spying governments have moved in recent years toward a more “hit and run” strategy to avoid detection, she said, infecting phones, exfiltrating the data and quickly exiting the device.

    Over the years, governments the world over have moved to gather intelligence using technology instead of humans. In the past, they developed spyware tools in-house until private spyware companies like NSO Group, FinFisher and Hacking Team stepped in to sell their products to governments, according to Galperin.

    In June 2021, French spyware company Amesys was charged with “complicity in acts of torture” for selling its spyware to Libya from 2007-2011. According to plaintiffs, in that case, information gleaned through digital surveillance was used to identify and hunt down opponents of deposed dictator Muammar Gaddafi, who were later tortured in prison.

    The revelations stemming from this international collaborative investigation have thrown into question the safeguards put in place to prevent misuse of cyber weapons like Pegasus and, more specifically, NSO Group’s commitment to creating “a better, safer world.”