Posts Tagged ‘information technology companies’

Has NSO really changed its attitude with regard to spyware?

September 17, 2019

Cyber-intelligence firm NSO Group has introduced a new Human Rights Policy and a supporting governance framework in an apparent attempt to boost its reputation and comply with the United Nations’ Guiding Principles for Business and Human Rights. This follows recent criticism that its technology was being used to violate the rights of journalists and human rights defenders. A recent investigation found the company’s Pegasus spyware was used against a member of non-profit Amnesty International. [see: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

The NSO’s new human rights policy aims to identify, prevent and mitigate the risks of adverse human rights impact. It also includes a thorough evaluation of the company’s sales process for the potential of adverse human rights impacts coming from the misuse of NSO products. As well as this, it introduces contractual agreements for NSO customers that will require them to limit the use of the company’s products to the prevention and investigation of serious crimes. There will be specific attention to protect individuals or groups that could be at risk of arbitrary digital surveillance and communication interceptions due to race, colour, sex, language, religion, political or other opinions, national or social origin, property, birth or other status, or their exercise or defence of human rights. Rules have been set out to protect whistle-blowers who wish to report concerns about misuse of NSO technology.

Amnesty International is supporting current legal actions being taken against the Israeli Ministry of Defence, demanding that it revoke NSO Group’s export licence.

Danna Ingleton, Deputy Program Director for Amnesty Tech, said: “While on the surface it appears a step forward, NSO has a track record of refusing to take responsibility. The firm has sold invasive digital surveillance to governments who have used these products to track, intimidate and silence activists, journalists and critics.”

CEO and co-founder Shalev Hulio counters: “NSO has always taken governance and its ethical responsibilities seriously as demonstrated by our existing best-in-class customer vetting and business decision process. With this new Human Rights Policy and governance framework, we are proud to further enhance our compliance system to such a degree that we will become the first company in the cyber industry to be aligned with the Guiding Principles.”

https://www.verdict.co.uk/nso-group-new-human-rights-policy/

How Twitter moved from Arab spring to Arab control

July 29, 2019

“Social media platforms were essential in the Arab Spring, but governments soon learned how to counter dissent online”, writes
Twitter played an essential role during the Egyptian Revolution and was used to get info to an international audience [File: Steve Crisp/Reuters]

In a series of articles, Al Jazeera examines how Twitter in the Middle East has changed since the Arab Spring. Government talking points are being magnified through thousands of accounts during politically fraught times and silencing people on Twitter is only part of a large-scale effort by governments to stop human rights activists and opponents of the state from being heard. In the next part of this series, Al Jazeera will look at how Twitter bots influenced online conversation during the GCC crisis on both sides of the issue.

https://www.aljazeera.com/news/2019/07/exists-demobilise-opposition-twitter-fails-arabs-190716080010123.html

Controversial spyware company promises to respect human rights…in the future

June 19, 2019

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)


Newspapers report that controversial Israeli spyware developer NSO Group will in the coming months move towards greater transparency and align itself fully with the UN Guiding Principles on Business and Human Rights, the company’s owners said over the weekend. [see also: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

Private equity firm Novalpina, which acquired a majority stake in NSO Group in February, said that within 90 days it would “establish at NSO a new benchmark for transparency and respect for human rights.” It said it sought “a significant enhancement of respect for human rights to be built into NSO’s governance policies and operating procedures and into the products sold under licence to intelligence and law enforcement agencies.”

The company has always stated that it provides its software to governments for the sole purpose of fighting terrorism and crime, but human rights defenders and NGOs have claimed the company’s technology has been used by repressive governments to spy on them. Most notably, the spyware was allegedly used in connection with the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.

Last month London-based Amnesty International, together with other human rights activists, filed a petition to the District Court in Tel Aviv to compel Israel’s Defense Ministry to revoke the export license it granted to the company that Amnesty said has been used “in chilling attacks on human rights defenders around the world.”

On Friday the Guardian reported that Yana Peel, a well-known campaigner for human rights and a prominent figure in London’s art scene, is a co-owner of NSO, as she has a stake in Novalpina, co-founded by her husband Stephen Peel. Peel told the Guardian she has “no involvement in the operations or decisions of Novalpina, which is managed by my husband, Stephen Peel, and his partners” and added that the Guardian’s view of NSO was “quite misinformed.”

And Citizen Lab is far from reassured: https://citizenlab.ca/2019/06/letter-to-novalpina-regarding-statement-on-un-guiding-principles/…

https://www.timesofisrael.com/controversial-nso-group-to-adopt-policy-of-closer-respect-for-human-rights/

https://www.theguardian.com/world/2019/jun/18/whatsapp-spyware-israel-cyber-weapons-company-novalpina-capital-statement

Speech by Commissioner Dunja Mijatović at RightsCon 2019, Tunis, about digital security

June 17, 2019

Council of Europe Commissioner for human rights, Dunja Mijatović, gave a speech at the world’s leading summit on human rights in the digital age, RightsCon 2019, in Tunis, on 11 June 2019:

…A recent article of the New York Times from the city of Kashgar showed the extent to which the Chinese authorities are using facial recognition and snooping technologies to keep a tight control of the Muslim community. If you think that this does not concern you because it is happening far away, you would be terribly wrong. The Chinese experiment bears a great significance for all of us. It shows to what extent the cozy relations between technology companies and state security agencies can harm us. This has become particularly acute as part of states’ response to terrorist threats and attacks. States around the world have increased their surveillance arsenal, not always to the benefit of our safety. On the contrary, on several occasions they used it to silence criticism, restrict free assembly, snoop into our private life, or control individuals or minorities.

An illustration of this comes from human rights defenders. If in the past human rights defenders have been ahead of states in using technological progress to expose human rights abuses, now they are facing a backlash. As we speak, states and non-state actors are intercepting their communications, intruding on their personal data, tracing their digital footprint. States are using technologies to learn about human rights defenders’ plans or upcoming campaigns; to find or fabricate information that can help intimidate, incriminate or destroy their reputation; or to learn about their networks and sources.

This concerns us all. At stake here is the society we want to live in and bequeath to the next generations. Technology should maximise our freedoms and rights – and keep those in power accountable.

To get there we need to strengthen the connections among us and crowdsource human rights protection, promotion and engagement. An important step in that direction would be to provide more support, funding and digital literacy training to human rights defenders. It is also crucial that the private sector and state authorities uphold human rights standards in the designing and implementation of all technological tools.

Living in an increasingly digital world does not mean living artificial lives with artificial liberties. Our rights must be real, all the time.

We all must resist the current backlash and persist in demanding more human rights protection, more transparency and more accountability in the digital world.

https://www.coe.int/en/web/commissioner/-/2019-speech-by-dunja-mijatovic-council-of-europe-commissioner-for-human-rights-at-the-world-s-leading-summit-on-human-rights-in-the-digital-age-rights

Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks

May 14, 2019

Several reports have shown Israeli technology being used by Gulf states against their own citizens (AFP/File photo)

NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists. Last year, a report by Citizen Lab, a group at the University of Toronto, showed that human rights defenders in Saudi Arabia, the United Arab Emirates and Bahrain were targeted with the software.

In October, US whistleblower Edward Snowden said Pegasus had been used by the Saudi authorities to surveil journalist Jamal Khashoggi before his death. “They are the worst of the worst,” Snowden said of the firm. Amnesty International said in August that a staffer’s phone was infected with the Pegasus software via a WhatsApp message.

——-

Friedhelm Weinberg’s piece of 1 May is almost prescient and contains good, broader advice:

When activists open their inboxes, they find more than the standard spam messages telling them they’ve finally won the lottery. Instead, they receive highly sophisticated emails that look like they are real, purport to be from friends and invite them to meetings that are actually happening. The catch is: at one point the emails will attempt to trick them.

1. Phishing for accounts, not compliments

In 2017, the Citizen Lab at the University of Toronto and the Egyptian Initiative for Personal Rights, documented what they called the “Nile Phish” campaign, a set of emails luring activists into giving access to their most sensitive accounts – email and file-sharing tools in the cloud. The Seoul-based Transitional Justice Working Group recently warned on its Facebook page about a very similar campaign. As attacks like these have mounted in recent years, civil society activists have come together to defend themselves, support each other and document what is happening. The Rarenet is a global group of individuals and organizations that provides emergency support for activists – but together it also works to educate civil society actors to dodge attacks before damage is done. The Internet Freedom Festival is a gathering dedicated to supporting people at risk online, bringing together more than 1,000 people from across the globe. The emails from campaigns like Nile Phish may be cunning and carefully crafted to target individual activists.. – they are not cutting-edge technology. Protection is stunningly simple: do nothing. Simply don’t click the link and enter information – as hard as it is when you are promised something in return.

Often digital security is about being calm and controlled as much as it is about being savvy in the digital sphere. And that is precisely what makes it difficult for passionate and stressed activists!

2. The million-dollar virus

Unfortunately, calm is not always enough. Activists have also been targeted with sophisticated spyware that is incredibly expensive to procure and difficult to spot. Ahmed Mansoor, a human-rights defender from the United Arab Emirates, received messages with malware (commonly known as computer viruses) that cost one million dollars on the grey market, where unethical hackers and spyware firms meet. [See also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Rights defender Ahmed Mansoor in Dubai in 2011, a day after he was pardoned following a conviction for insulting UAE leaders. He is now in prison once more.

Rights defender Ahmed Mansoor in Dubai in 2011. Image: Reuters/Nikhil Monteiro

3. Shutting down real news with fake readers

Both phishing and malware are attacks directed against the messengers, but there are also attacks against the message itself. This is typically achieved by directing hordes of fake readers to the real news – that is, by sending so many requests through bot visitors to websites that the servers break down under the load. Commonly referred to as “denial of service” attacks, these bot armies have also earned their own response from civil society. Specialised packages from Virtual Road or Deflect sort fake visitors from real ones to make sure the message stays up.

 

How distributed denial of service (DDoS) attacks have grown. Image: Kinsta.com; data from EasyDNS

Recently, these companies also started investigating who is behind these attacks – a notoriously difficult task, because it is so easy to hide traces online. Interestingly, whenever Virtual Road were so confident in their findings that they publicly named attackers, the attacks stopped. Immediately. Online, as offline, one of the most effective ways to ensure that attacks end is to name the offenders, whether they are cocky kids or governments seeking to stifle dissent. But more important than shaming attackers is supporting civil society’s resilience and capacity to weather the storms. For this, digital leadership, trusted networks and creative collaborations between technologists and governments will pave the way to an internet where the vulnerable are protected and spaces for activism are thriving.

——–

Microsoft exercising human rights concerns to turn down facial-recognition sales

April 30, 2019

FILE PHOTO: The Microsoft sign is shown on top of the Microsoft Theatre in Los Angeles, California, U.S. October 19, 2018. REUTERS/Mike Blak

Joseph Menn reported on 16 April 2018 in kfgo.com about Microsoft rejecting a California law enforcement agency’s request to install facial recognition technology in officers’ cars and body cameras due to human rights concerns. Microsoft concluded it would lead to innocent women and minorities being disproportionately held for questioning because the artificial intelligence has been trained on mostly white and male pictures. AI has more cases of mistaken identity with women and minorities, multiple research projects have found.

“Anytime they pulled anyone over, they wanted to run a face scan” against a database of suspects, company President Brad Smith said without naming the agency. After thinking through the uneven impact, “we said this technology is not your answer.” Speaking at a Stanford University conference on “human-centered artificial intelligence,” Smith said Microsoft had also declined a deal to install facial recognition on cameras blanketing the capital city of an unnamed country that the nonprofit Freedom House had deemed not free. Smith said it would have suppressed freedom of assembly there.

On the other hand, Microsoft did agree to provide the technology to an American prison, after the company concluded that the environment would be limited and that it would improve safety inside the unnamed institution. Smith explained the decisions as part of a commitment to human rights that he said was increasingly critical as rapid technological advances empower governments to conduct blanket surveillance, deploy autonomous weapons and take other steps that might prove impossible to reverse….

Smith has called for greater regulation of facial recognition and other uses of artificial intelligence, and he warned Tuesday that without that, companies amassing the most data might win the race to develop the best AI in a “race to the bottom.”

He shared the stage with the United Nations High Commissioner for Human Rights, Michelle Bachelet, who urged tech companies to refrain from building new tools without weighing their impact. “Please embody the human rights approach when you are developing technology,” said Bachelet, a former president of Chile.

[see also my older: https://humanrightsdefenders.blog/2015/11/19/contrasting-views-of-human-rights-in-business-world-bank-and-it-companies/]

https://kfgo.com/news/articles/2019/apr/16/microsoft-turned-down-facial-recognition-sales-on-human-rights-concerns/

Big Brother Awards try to identify risks for human rights defenders

February 24, 2019

Novalpina urged to come clean about targeting human rights defenders

February 19, 2019

In an open letter released today, 18 February 2019, Amnesty International, Human Rights Watch and five other NGOs urged Novalpina to publicly commit to accountability for NSO Group’s past spyware abuses, including the targeting of an Amnesty International employee and the alleged targeting of Jamal Khashoggi. [see also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Danna Ingleton, Deputy Director of Amnesty Tech, said: “Novalpina’s executives have serious questions to answer about their involvement with a company which has become the go-to surveillance tool for abusive governments. This sale comes in the wake of reports that NSO paid private operatives to physically intimidate individuals trying to investigate its role in attacks on human rights defenders – further proof that NSO is an extremely dangerous entity.

We are calling on Novalpina to confirm an immediate end to the sale or further maintenance of NSO products to governments which have been accused of using surveillance to violate human rights. It must also be completely transparent about its plans to prevent further abuses.

This could be an opportunity to finally hold NSO Group to account. Novalpina must commit to fully engaging with investigations into past abuses of NSO’s spyware, and ensure that neither NSO Group nor its previous owners, Francisco Partners, are let off the hook.”

The signatories to the letter are:

  • Amnesty International
  • R3D: Red en Defensa de los Derechos Digitales
  • Privacy International
  • Access Now
  • Human Rights Watch
  • Reporters Without Borders
  • Robert L. Bernstein Institute for Human Rights, NYU School of Law and Global Justice Clinic, NYU School of Law

https://www.amnesty.org/en/latest/news/2019/02/spyware-firm-buyout-reaffirms-urgent-need-for-justice-for-targeted-activists/

https://www.amnesty.org/en/latest/research/2019/02/open-letter-to-novalpina-capital-nso-group-and-francisco-partners/

NGOs express fear that new EU ‘terrorist content’ draft will make things worse for human rights defenders

January 31, 2019

On Wednesday 30 January 2019 Mike Masnick in TechDirt published a piece entitled: “Human Rights Groups Plead With The EU Not To Pass Its Awful ‘Terrorist Content’ Regulation”. The key argument is that machine-learning algorithms are not able to distinguish between terrorist propaganda and investigations of, say, war crimes. It points out, as an example, that Germany’s anti-“hate speech” law has proven to be misused by authoritarian regimes.

LinkedIn reverses censorship position re Zhou Fengsuo’s profile

January 7, 2019

Zhou Fengsuo –  Getty Images

On 3 January, LinkedIn sent Zhou a message saying his profile and activities would not be viewable to users in China because of “specific content on your profile” (without saying which content!). Hours later, Microsoft-owned LinkedIn reversed its decision, apparently after South China Morning Post reporter Owen Churchill brought attention to the case. See the exchange below:

————-