github/research.logos.co
1
1
Fork 0
mirror of https://github.com/vacp2p/research.logos.co.git synced 2026-04-03 03:01:03 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
deploy-develop
research.logos.co/assets/js/7b019678.c723d05f.js
357a5bca6d Update documentation
2026-02-13 14:11:27 +00:00

1 line
24 KiB
JavaScript
Raw Permalink Blame History

"use strict";(self.webpackChunkresearch_logos_co=self.webpackChunkresearch_logos_co||[]).push([[6737],{28453:(e,n,t)=>{t.d(n,{R:()=>a,x:()=>r});var s=t(96540);const i={},o=s.createContext(i);function a(e){const n=s.useContext(o);return s.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function r(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:a(e.components),s.createElement(o.Provider,{value:n},e.children)}},47877:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>l,contentTitle:()=>r,default:()=>d,frontMatter:()=>a,metadata:()=>s,toc:()=>c});var s=t(88478),i=t(74848),o=t(28453);const a={layout:"post",name:"Opinion: Pseudo-ethics in the Surveillance Tech Industry",title:"Opinion: Pseudo-ethics in the Surveillance Tech Industry",date:new Date("2021-12-03T10:00:00.000Z"),authors:"circe",published:!0,slug:"ethics-surveillance-tech",categories:"research",summary:null,discuss:null},r=void 0,l={authorsImageUrls:[void 0]},c=[{value:"Preface",id:"preface",level:2},{value:"Spotlight on an industry",id:"spotlight-on-an-industry",level:2},{value:"A typical response",id:"a-typical-response",level:2},{value:"Ethics != the law",id:"ethics--the-law",level:2},{value:"The law is trailing behind",id:"the-law-is-trailing-behind",level:3},{value:"The law depends on ethics",id:"the-law-depends-on-ethics",level:3},{value:"International law is vague and exploitable",id:"international-law-is-vague-and-exploitable",level:3},{value:"Conclusion",id:"conclusion",level:2},{value:"References",id:"references",level:2}];function h(e){const n={a:"a",em:"em",h2:"h2",h3:"h3",li:"li",p:"p",ul:"ul",...(0,o.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(n.p,{children:"A look at typical ethical shortfalls in the global surveillance tech industry."}),"\n","\n",(0,i.jsx)(n.p,{children:(0,i.jsx)(n.em,{children:"This is an opinion piece by pseudonymous contributor, circe."})}),"\n",(0,i.jsx)(n.h2,{id:"preface",children:"Preface"}),"\n",(0,i.jsxs)(n.p,{children:["The Vac team aims to provide a public good in the form of freely available, open source tools and protocols for decentralized communication.\nAs such, we value our independence and the usefulness of our protocols for a wide range of applications.\nAt the same time, we realize that all technical development, including ours, has a moral component.\nAs a diverse team we are guided by a shared devotion to the principles of human rights and liberty.\nThis explains why we place such a high premium on security, censorship-resistance and privacy -\na stance we ",(0,i.jsx)(n.a,{href:"https://our.status.im/our-principles/",children:"share with the wider Status Network"}),".\nThe post below takes a different approach from our usual more technical analyses,\nby starting to peel back the curtain on the ethical shortfalls of the global surveillance tech industry."]}),"\n",(0,i.jsx)(n.h2,{id:"spotlight-on-an-industry",children:"Spotlight on an industry"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.a,{href:"https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/",children:"Apple's announcement"})," of their lawsuit against Israel's NSO Group\nmarks the latest in a series of recent setbacks for the surveillance tech company.\nIn early November, the ",(0,i.jsx)(n.a,{href:"https://public-inspection.federalregister.gov/2021-24123.pdf",children:"United States blacklisted the firm"}),',\nciting concerns about the use of their spyware by foreign governments targeting civilians such as "journalists, businesspeople, activists" and more.\nThe company is already ',(0,i.jsx)(n.a,{href:"https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-idUSKBN1X82BE",children:"embroiled in a lawsuit with Whatsapp"}),"\nover their exploit of the chat app's video calling service to install malware on target devices.\nNSO Group's most infamous product, ",(0,i.jsx)(n.a,{href:"https://forbiddenstories.org/case/the-pegasus-project/",children:"Pegasus"}),", operates as a hidden exploit installed on victims' mobile phones,\nsometimes without even requiring as much as an unguarded click on a malicious link.\nIt has the potential to lay bare, and report to its owners, ",(0,i.jsx)(n.em,{children:"everything"})," within the reach of the infected device.\nFor most people this amounts to a significant portion of their private lives and thoughts.\nPegasus can read your private messages (even encrypted), collect your passwords, record calls, track your location and access your device's microphone and camera.\nNo activity or application on an infected phone would be hidden."]}),"\n",(0,i.jsxs)(n.p,{children:["The latest controversies are perhaps less because of the novelty of the revelations -\nthe existence of Pegasus has been known to civil activists ",(0,i.jsx)(n.a,{href:"https://www.bbc.com/news/technology-37192670",children:"since at least 2016"}),".\nRather, the public was reminded again of the potential scope of surveillance tech\nin the indiscriminate use of Pegasus on private citizens.\nThis has far-reaching implications for human freedoms worldwide.\nEarlier this year, a ",(0,i.jsx)(n.a,{href:"https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus",children:"leaked list of over 50,000 targets"}),", or possible targets, of Pegasus included\nthe phone numbers of human rights advocates, independent journalists, lawyers and political activists.\nThis should have come as no surprise.\nThe type of autocratically inclined agents, and governments, who would venture to buy and use such invasive cyber-arms often target those they find politically inconvenient.\nPegasus, and similar technologies, simply extend the reach and capacity of such individuals and governments -\nno border or distance, no political rank or social advantage, no sanctity of profession or regard for dignity,\nprovide any indemnity from becoming a victim.\nYour best hope is to remain uninteresting enough to escape consideration."]}),"\n",(0,i.jsxs)(n.p,{children:["The NSO Group has, of course, denied allegations of culpability and questions the authenticity of the list.\nAt this stage, the latter is almost beside the point:\nAmnesty International's cybersecurity team, Security Lab, ",(0,i.jsx)(n.em,{children:"did"})," find ",(0,i.jsx)(n.a,{href:"https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/#_ftn1",children:"forensic evidence of Pegasus"})," on the phones of several volunteers whose numbers appeared on the original list,\nincluding those of journalists and human rights activists.\n(Security Lab has since opened up their ",(0,i.jsx)(n.a,{href:"https://github.com/mvt-project/mvt",children:"infection finding tool"})," to the public.)\nFrench intelligence has similarly ",(0,i.jsx)(n.a,{href:"https://www.theguardian.com/news/2021/aug/02/pegasus-spyware-found-on-journalists-phones-french-intelligence-confirms",children:"inspected and confirmed"})," infection of at least three devices belonging to journalists.\nThe phones of several people who were close to the Saudi-American journalist, Jamal Khashoggi, were ",(0,i.jsx)(n.a,{href:"https://www.bbc.com/news/world-57891506",children:"confirmed hacked"}),"\nboth before and after Khashoggi's brutal murder at the Saudi embassy in Istanbul in 2018.\n",(0,i.jsx)(n.a,{href:"https://www.theguardian.com/news/2021/sep/21/hungary-journalist-daniel-nemeth-phones-infected-with-nso-pegasus-spyware",children:"More reports"})," of confirmed Pegasus hacks are still published with some regularity.\nIt is now an open secret that many authoritarian governments have bought Pegasus.\nIt's not difficult to extrapolate from existing reports and such clients' track records\nwhat the potential injuries to human freedoms are that they can inflict with access to such a powerful cyberweapon."]}),"\n",(0,i.jsx)(n.h2,{id:"a-typical-response",children:"A typical response"}),"\n",(0,i.jsxs)(n.p,{children:[(0,i.jsx)(n.a,{href:"https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments",children:"NSO's response"}),' to the allegations follows a textbook approach\nof avoiding earnest ethical introspection on the manufacturing, and selling, of cyber-arms.\nFirstly, shift ethical responsibility to a predetermined process, a list of checkboxes of your own making.\nThe Group, for example, claims to sell only to "vetted governments", following a classification process\nof which they have now ',(0,i.jsx)(n.a,{href:"https://www.nsogroup.com/wp-content/uploads/2021/06/ReportBooklet.pdf",children:"published some procedural details"})," but no tangible criteria.\nThe next step is to reaffirm continuously, and repetitively, your dedication to the ",(0,i.jsx)(n.em,{children:"legal"})," combat against crime,\n",(0,i.jsx)(n.a,{href:"https://www.nsogroup.com/wp-content/uploads/2021/06/ReportBooklet.pdf",children:'"legitimate law enforcement agencies"'})," (note the almost tautological phrasing),\nadherence to international arms trade laws,\ncompliance clauses in customer contracts, etc.\nThirdly, having been absolved of any moral suspicions that might exist about product and process,\nfrom conception to engineering to trade,\ndistance yourself from the consequences of its use in the world.\n",(0,i.jsx)(n.a,{href:"https://www.theguardian.com/news/2021/jul/18/response-from-nso-and-governments",children:'"NSO does not operate its technology, does not collect, nor possesses, nor has any access to any kind of data of its customers."'}),'\nIt is interesting that directly after this statement they claim with contradictory confidence that\ntheir "technology was not associated in any way with the heinous murder of Jamal Khashoggi".\nThe unapologetic tone seems hardly appropriate when the same document confirms that the Group had to\nshut down customers\' systems due to "confirmed misuse" and have had to do so "multiple times" in the past.\nGiven all this, the response manages to evade any serious interrogation of the "vetting" process itself,\nwhich forced the company to reject "approximately 15% of potential new opportunities for Pegasus" in one year.\nCourageous.']}),"\n",(0,i.jsxs)(n.p,{children:["We have heard this all before.\nThere exists a multi-billion dollar industry of private companies and engineering firms ",(0,i.jsx)(n.a,{href:"https://www.economist.com/business/2019/12/12/offering-software-for-snooping-to-governments-is-a-booming-business",children:"thriving on proceeds"})," from\nselling surveillance tools and cyber-arms to dubious agencies and foreign governments.\nIn turn, the most power-hungry and oppressive regimes often ",(0,i.jsx)(n.em,{children:"rely"})," on such technological innovations -\nfor which they lack the in-country engineering expertise -\nto maintain control, suppress uprisings, intimidate opposing journalists, and track their citizens.\nIt's a lucrative business opportunity, and resourceful companies have sprung up everywhere to supply this demand,\noften in countries where citizens, including employees of the company, would be horrified if they were similarly subject to the oppressions of their own products.\nWhen, in 2014, Italy's ",(0,i.jsx)(n.em,{children:"HackingTeam"})," were pulsed by the United Nations about their (then alleged) selling of spyware to Sudan,\nwhich would have been a contravention of the UN's weapon export ban,\nthey simply replied that their product was not controlled as a weapon and therefore not subject to such scrutiny.\nThey remained within their legal bounds, technically.\nFurthermore, they similarly shifted ethical responsibility to external standards of legitimacy,\nclaiming their ",(0,i.jsx)(n.a,{href:"https://citizenlab.ca/2014/02/mapping-hacking-teams-untraceable-spyware/",children:'"software is not sold to governments that are blacklisted by the EU, the US, NATO, and similar international organizations"'}),".\nWhen the company themselves were ",(0,i.jsx)(n.a,{href:"https://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/",children:"hacked in 2015"}),",\nrevelations (confirmations, that is) of widespread misuse by repressive governments were damaging enough to force them to disappear and rebrand as Memento Labs.\n",(0,i.jsx)(n.a,{href:"https://www.mem3nt0.com/en/",children:"Their website"})," boasts an impressive list of statutes, regulations, procedures, export controls and legal frameworks,\nall of which the rebranded hackers proudly comply with.\nSurely no further ethical scrutiny is necessary?"]}),"\n",(0,i.jsx)(n.h2,{id:"ethics--the-law",children:"Ethics != the law"}),"\n",(0,i.jsx)(n.h3,{id:"the-law-is-trailing-behind",children:"The law is trailing behind"}),"\n",(0,i.jsxs)(n.p,{children:["Such recourse to the ",(0,i.jsx)(n.em,{children:"legality"}),' of your action as ethical justification is moot for several reasons.\nThe first is glaringly obvious -\nour laws are ill-equipped to address the implications of modern technology.\nLegal systems are a cumbersome inheritance built over generations.\nThis is especially true of the statutes and regulations governing international trade, behind which these companies so often hide.\nOur best legal systems are trailing miles behind the technology for which we seek guidelines.\nLegislators are still struggling to make sense of technologies like face recognition,\nthe repercussions of smart devices acting "on their own" and biases in algorithms.\nTo claim you are performing ethical due diligence by resorting to an outdated and incomplete system of legal codes is disingenuous.']}),"\n",(0,i.jsx)(n.h3,{id:"the-law-depends-on-ethics",children:"The law depends on ethics"}),"\n",(0,i.jsxs)(n.p,{children:["The second reason is more central to my argument,\nand an important flaw in these sleight of hand justifications appearing from time to time in the media.\nEthics can in no way be confused as synonymous with legality or legitimacy.\nThese are incommensurable concepts.\nIn an ideal world, of course, the law is meant to track the minimum standards of ethical conduct in a society.\nLaws are often drafted exactly from some ethical, and practical, impulse to minimize harmful conduct\nand provide for corrective and punitive measures where transgressions do occur.\nThe law, however, has a much narrower scope than ethics.\nIt can be just or unjust.\nIn fact, it is in need of ethics to constantly reform.\nEthics and values are born out of collective self-reflection.\nIt develops in our conversation with ourselves and others about the type of society we strive for.\nAs such, an ethical worldview summarizes our deepest intuitions about how we should live and measure our impact on the world.\nFor this reason, ethics is primarily enforced by social and internal pressures, not legal boundaries -\nour desire to do what ",(0,i.jsx)(n.em,{children:"ought"})," to be done, however we define that.\nEthics is therefore a much grander scheme than global legal systems\nand the diplomatic frameworks that grants legitimacy to governments.\nThese are but one limited outflow of the human aspiration to form societies in accordance with our ideologies and ethics."]}),"\n",(0,i.jsx)(n.h3,{id:"international-law-is-vague-and-exploitable",children:"International law is vague and exploitable"}),"\n",(0,i.jsxs)(n.p,{children:["Of course, the cyber-arms trade has a favorite recourse, ",(0,i.jsx)(n.em,{children:"international"}),' law, which is even more limited.\nSince such products are seldomly sold to governments and agencies within the country of production,\nit enables a further distancing from consequences.\nMany private surveillance companies are based in fairly liberal societies with (seemingly) strict emphases on human rights in their domestic laws.\nInternational laws are much more complicated - for opportunists a synonym for "more grey areas in which to hide".\nCompany conduct can now be governed, and excused, by a system that follows\nthe whims of autocrats with exploitative intent and vastly different ethical conceptions from the company\'s purported aims.\nInternational law, and the ways it is most often enforced by way of, say, UN-backed sanctions,\nhave long been shaped by the compromises of international diplomacy.\nTo be blunt: these laws are weak and subject to exactly the sort of narrow interests behind which mercenaries have always hidden.\nThe surveillance tech industry is no exception.']}),"\n",(0,i.jsx)(n.h2,{id:"conclusion",children:"Conclusion"}),"\n",(0,i.jsxs)(n.p,{children:['My point is simple:\nselling cyber-arms with the potential to become vast tools of oppression to governments and bodies with blatant histories of human rights violations,\nand all but the publicly announced intention to continue operating in this way,\nis categorically unconscionable.\nThis seems obvious no matter what ethics system you argue from,\nprovided it harbors any consideration for human dignity and freedom.\nIt is a sign of poor moral discourse that such recourses to law and legitimacy are often considered synonymous with ethical justification.\n"',(0,i.jsx)(n.em,{children:"I have acted within the bounds of law"}),'", ',(0,i.jsx)(n.em,{children:'"We supply only to legitimate law enforcement agencies"'}),', etc. are no substitutes.\nEthical conduct requires an honest evaluation of an action against some conception of "the good",\nhowever you define that.\nToo often the surveillance tech industry precisely sidesteps this question,\nboth in internal processes and external rationalisations to a concerned public.']}),"\n",(0,i.jsxs)(n.p,{children:["John Locke, he of the life-liberty-and-property, articulated the idea that government exists solely through the consent of the governed.\nTowards the end of the 17th century, he wrote in his ",(0,i.jsx)(n.em,{children:"Second Treatise on Civil Government"}),',\n"[w]henever legislators endeavor to take away,\nand destroy the property of the people, or to reduce them to slavery under arbitrary power,\nthey put themselves in a state of war with the people, who are thereupon absolved from any further obedience".\nThe inference is straightforward and humanist in essence:\nlegitimacy is not something that is conferred by governments and institutions.\nRather, they derive their legitimacy from us, their citizens, holding them to standards of ethics and societal ideals.\nThis legitimacy only remains in tact as long as this mandate is honored and continuously extended by a well-informed public.\nThis is the principle of informed consent on which all reciprocal ethics is based.']}),"\n",(0,i.jsxs)(n.p,{children:["The surveillance tech industry may well have nothing more or less noble in mind than profit-making within legal bounds\nwhen developing and selling their products.\nHowever, when such companies are revealed again and again to have supplied tools of gross human rights violations to known human rights violators,\nthey will do well to remember that ethics always ",(0,i.jsx)(n.em,{children:"precedes"}),' requirements of legality and legitimacy.\nIt is a fallacy to take normative guidance from the concept of "legitimacy"\nif the concept itself depends on such normative guidelines for definition.\nWithout examining the ethical standards by which institutions, governments, and laws, were created,\nno value-judgements about their legitimacy can be made.\nHiding behind legal compliance as substitute for moral justification is not enough.\nTargets of increasingly invasive governmental snooping are too often chosen precisely to suppress the mechanisms from which the legitimacy of such governments flow -\nthe consent of ordinary civilians.\nFree and fair elections, free speech, free media, freedom of thought are all at risk.']}),"\n",(0,i.jsx)(n.h2,{id:"references",children:"References"}),"\n",(0,i.jsxs)(n.ul,{children:["\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://our.status.im/our-principles/",children:"Status Principles"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://public-inspection.federalregister.gov/2021-24123.pdf",children:"Federal Register: Addition of Certain Entities to the Entity List"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://forbiddenstories.org/case/the-pegasus-project/",children:"forbiddenstories.org: The Pegasus Project"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.theguardian.com/news/series/pegasus-project",children:"theguardian.com: The Pegasus Project"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/#_ftn1",children:"amnesty.org Forensic Methodology Report: How to catch NSO Group\u2019s Pegasus"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.apple.com/newsroom/2021/11/apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware/",children:"Apple sues NSO Group to curb the abuse of state-sponsored spyware"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.bbc.com/news/technology-37192670",children:"bbc.com: Who are the hackers who cracked the iPhone?"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.bbc.com/news/world-57891506",children:"bbc.com: Pegasus: Who are the alleged victims of spyware targeting?"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://citizenlab.ca/2014/02/mapping-hacking-teams-untraceable-spyware/",children:"citizenlab.ca: Mapping Hacking Team\u2019s \u201cUntraceable\u201d Spyware"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.economist.com/business/2019/12/12/offering-software-for-snooping-to-governments-is-a-booming-business",children:"economist.com: Offering software for snooping to governments is a booming business"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.mem3nt0.com/en/",children:"Memento Labs"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://github.com/mvt-project/mvt",children:"Mobile Verification Toolkit to identify compromised devices"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.nsogroup.com/wp-content/uploads/2021/06/ReportBooklet.pdf",children:"NSO Group: Transparency and Responsibility Report 2021"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.reuters.com/article/us-facebook-cyber-whatsapp-nsogroup-idUSKBN1X82BE",children:"reuters.com: WhatsApp sues Israel's NSO for allegedly helping spies hack phones around the world"})}),"\n",(0,i.jsx)(n.li,{children:(0,i.jsx)(n.a,{href:"https://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/",children:"wired.com: Hacking Team Breach Shows a Global Spying Firm Run Amok"})}),"\n"]})]})}function d(e={}){const{wrapper:n}={...(0,o.R)(),...e.components};return n?(0,i.jsx)(n,{...e,children:(0,i.jsx)(h,{...e})}):h(e)}},88478:e=>{e.exports=JSON.parse('{"permalink":"/rlog/ethics-surveillance-tech","source":"@site/rlog/2021-12-03-ethics-surveillance-tech.mdx","title":"Opinion: Pseudo-ethics in the Surveillance Tech Industry","description":"A look at typical ethical shortfalls in the global surveillance tech industry.","date":"2021-12-03T10:00:00.000Z","tags":[],"readingTime":11.725,"hasTruncateMarker":true,"authors":[{"name":"Circe","twitter":"vacp2p","github":"thecirce","key":"circe","page":null}],"frontMatter":{"layout":"post","name":"Opinion: Pseudo-ethics in the Surveillance Tech Industry","title":"Opinion: Pseudo-ethics in the Surveillance Tech Industry","date":"2021-12-03T10:00:00.000Z","authors":"circe","published":true,"slug":"ethics-surveillance-tech","categories":"research","summary":null,"discuss":null},"unlisted":false,"prevItem":{"title":"Introducing nwaku","permalink":"/rlog/introducing-nwaku"},"nextItem":{"title":"Waku v1 vs Waku v2: Bandwidth Comparison","permalink":"/rlog/waku-v1-v2-bandwidth-comparison"}}')}}]);
Reference in New Issue View Git Blame Copy Permalink