More stories

  • in

    Revelations of Israeli spyware abuse raise fears over possible use by Trump

    Even as WhatsApp celebrated a major legal victory in December against NSO Group, the Israeli maker of one of the world’s most powerful cyberweapons, a new threat was detected, this time involving another Israel-based company that has previously agreed contracts with democratic governments around the world – including the US.Late in January, WhatsApp claimed that 90 of its users, including some journalists and members of civil society, were targeted last year by spyware made by a company called Paragon Solutions. The allegation is raising urgent questions about how Paragon’s government clients are using the powerful hacking tool.Three people – an Italian journalist named Francesco Cancellato; the high-profile Italian founder of an NGO that aids immigrants named Luca Casarini; and a Libyan activist based in Sweden named Husam El Gomati – announced they were among the 90 people whose mobile phones had probably been compromised last year.More is likely to be known soon, when researchers at the Citizen Lab at the University of Toronto, which investigates digital threats against civil society and has worked closely with WhatsApp, is expected to release a new technical report on the breach.Like NSO Group, Paragon licenses its spyware, which is called Graphite, to government agencies. If it is deployed successfully, it can hack any phone without a mobile phone user’s knowledge, giving the operator of the spyware the ability to intercept phone calls, access photographs, and read encrypted messages. Its purpose, Paragon said, was in line with US policy, which calls for such spyware to only be used to assist governments in “national security missions, including counterterrorism, counter-narcotics, and counter-intelligence”.In a statement to the Guardian, a Paragon representative said the company had “a zero-tolerance policy for violations of our terms of service”. “We require all users of our technology to adhere to terms and conditions that preclude the illicit targeting of journalists and other civil society leaders,” the representative said.The company does appear to have acted swiftly in response to the cases that have emerged so far. The Guardian reported last week that Paragon had terminated its contract with Italy for violating the terms of its contract with the group. Italy had – hours before the Guardian’s story broke – denied any knowledge of or involvement in the targeting of the journalist and activists, and said it would investigate the matter.David Kaye, who previously served from 2014 to 2020 as a special rapporteur on freedom of expression and opinion said the marketing of military-grade surveillance products, such as the kind made by Paragon, comes with “extraordinary risks of abuse”.“Like the NSO Group’s Pegasus spyware, it is easy for governments easily to avoid basic principles of rule of law. Though not all the details are known, we are seeing the likelihood of scandalous abuse in the case of Italy, just as we have seen that in other contexts across Europe, Mexico and elsewhere,” Kaye said.The issue seems particularly relevant in the US. In 2019, during the first Donald Trump administration, the FBI acquired a limited license to test NSO Group’s Pegasus. The FBI said the spyware was never used in a domestic investigation and there is no evidence that either the Trump or Joe Biden administrations used spyware domestically.In the face of increasing reports of abuse, including use of NSO’s spyware against American diplomats abroad, the Biden administration put NSO on a blacklist in 2021, saying the company’s tools had enabled foreign governments to conduct transnational repression and represented a threat to national security.Biden also signed an executive order in 2023 that discouraged the use of spyware by the federal government and allowed it to be used in limited circumstances.It was therefore a surprise when it was reported by Wired last year that the US Immigration and Customs Enforcement (Ice) agency had – under the Biden administration – signed a $2m one-year contract with Paragon. The contract was reportedly paused after the news became public and its current status is unclear. Ice did not respond to a request for comment.A Paragon representative said the company was “deeply committed to following all US laws and regulations” and that it was fully compliant with the 2023 executive order signed by Biden. The person also pointed out that Paragon was now a US-owned company, following its takeover by AE Industrial Partners. It also has a US subsidiary based in Virginia, which is headed by John Fleming, a longtime veteran of the CIA who serves as executive chair.Unlike its predecessor, however, the new US administration has publicly stated that it will seek to use the levers of government against Trump’s perceived political enemies. Trump has repeatedly said he would try to use the military to take on “the enemy from within”. He has also singled out career prosecutors who have investigated him, members of the military, members of Congress, intelligence agents and former officials who have been critical of him, for potential prosecution. He has never explicitly stated that he would use spyware against these perceived rivals.Researchers like those at Citizen Lab and Amnesty Tech are considered the leading experts in detecting illegitimate surveillance against members of civil society, which have occurred in a number of democracies, including India, Mexico and Hungary. More

  • in

    Facebook faces antitrust allegations over deals for Instagram and WhatsApp

    Facebook is expecting significant new legal challenges, as the US Federal Trade Commission and a coalition of attorney generals from up to 40 states are preparing antitrust suits.
    [embedded content]
    Although the specific charges in both cases remain unclear, the antitrust allegations are expected to center on the tech giant’s acquisition of two big apps: a $1bn deal to buy the photo-sharing app Instagram in 2012, and the $19bn purchase of the global messaging service WhatsApp in 2014. Together, the buys brought the top four social media companies worldwide under Facebook’s control. The purchases would constitute antitrust violations if Facebook believed the companies were viable competitors.
    At the time of its acquisition, Instagram had 30 million users, and, even though it was growing rapidly, it wasn’t yet making money. WhatsApp boasted more than 450 million monthly active users when it was acquired. “WhatsApp is on a path to connect 1 billion people,” Zuckerberg said in a statement at the time.
    The FTC cleared Facebook for the acquisitions when they occurred, and the company is hoping to leverage those approvals in mounting a defense. Facebook executives have also argued their company has helped the apps grow.
    But Facebook has come under greater scrutiny since the deals were done, and the FTC launched a new investigation into the potential antitrust violations in 2019.
    The FTC probe will build on findings from a separate inquiry conducted by the US House Judiciary subcommittee, which released millions of documents that appeared to show that Facebook executives, including CEO Mark Zuckerberg, were concerned the apps could become competition, before aggressively pursuing them.
    In one 2012 email, made public through the House investigation, Zuckerberg highlighted how Instagram had an edge on mobile, an area where Facebook was falling behind. In another, the CEO said Instagram could hurt Facebook even if it doesn’t become huge. “The businesses are nascent but the networks are established, the brands are already meaningful and if they grow to a large scale they could be disruptive to us,” Zuckerberg wrote. Instagram’s co-founder also fretted that his company might be targeted for destruction by Zuckerberg if he refused the deal.
    The FTC is expected to vote on a possible suit this week. Three of the five-member commission are believed to be in favor of the move, including chair Joseph Simons, who is expected to leave the agency before the new Biden administration is sworn in, Politico reported.
    Commissioners also have to decide where to file the suit: in federal court, which would leave the outcome to a judge; or in the FTC, where the commission could ultimately decide.
    The suit expected from the bipartisan coalition of states is headed by New York attorney general Letitia James. While details of their complaint are also scant, several states’ top law enforcement offices launched probes into Facebook’s acquisitions last year, adding to the pressure put on the company by federal regulators.
    Facebook did not respond to a request for comment.
    Facebook’s possible legal challenges come as a growing number of US lawmakers are arguing that companies including Amazon, Google, Facebook and Apple have amassed too much power and should be reined in.
    These companies “wield their dominance in ways that erode entrepreneurship, degrade Americans’ privacy online, and undermine the vibrancy of the free and diverse press”, the House judiciary committee concluded in its nearly 500-page report.
    “The result is less innovation, fewer choices for consumers, and a weakened democracy.”
    President-elect Joe Biden, too, has been critical of the tech companies. “Many technology giants and their executives have not only abused their power, but misled the American people, damaged our democracy and evaded any form of responsibility,” said Biden spokesperson Matt Hill to the New York Times. “That ends with a President Biden.”
    In May, Facebook took over Giphy, a hugely popular moving-image app, with plans to integrate it with Instagram. Late last month, the company also announced plans to acquire Kustomer, an e-commerce app.
    “This deal is about providing more choices and better products for consumers,” a company spokesman said in a statement to the New York Times. “The key to Facebook’s success has always been innovation, with M&A being just a part of our overall business strategy, and we will continue to demonstrate to regulators that competition in the technology sector is vibrant.” More

  • in

    US internet bill seen as opening shot against end-to-end encryption

    Platforms would lose legal cover if they fail to follow ‘best practice’ to prevent child abuse US senators have proposed a new law which would make key legal protections that online platforms rely on contingent on those platforms adopting specific practices related to privacy and the prevention of child sexual exploitation. The act has widely […] More