Here we go. I read NSO's 32 page "Transparency Report" published today so you don't have to. 🧵
It says nothing of substance. None of the "approvals" and "processes" and "misuse" and "human rights" that make up much of the report are defined.
nsogroup.com/wp-content/upl…
It says nothing of substance. None of the "approvals" and "processes" and "misuse" and "human rights" that make up much of the report are defined.
nsogroup.com/wp-content/upl…
The few glimmers of details we get confirm to me we need to be concerned about who NSO's technology is being sold to & how it's being used.
I "live chatted" my reading of this to my teammates as my frustration & rage grew. There was so much. I'll limit this to just a few. 2/12
I "live chatted" my reading of this to my teammates as my frustration & rage grew. There was so much. I'll limit this to just a few. 2/12
The main two points are:
1. We have strict processes to ensure our technology is not misused in ways that violate human rights.
2. We have no insight into how our customers use our technology.
🤔
This leads in to claims of how little misuse there is. 3/12
1. We have strict processes to ensure our technology is not misused in ways that violate human rights.
2. We have no insight into how our customers use our technology.
🤔
This leads in to claims of how little misuse there is. 3/12
balances the need for legit law enforcement activities with the risk that state actors misuse cyber intelligence products against journalists, civil society, dissidents & political opponents, & vulnerable populations - pg 11
I reject this is the choice. It's a false dilemma. 4/x
I reject this is the choice. It's a false dilemma. 4/x
"Over the past year, we have engaged with numerous NGOs" - pg 11
Who are these NGOs and what was their original position and what is it now? What was learned? Are they coming out now in support? 5/12
Who are these NGOs and what was their original position and what is it now? What was learned? Are they coming out now in support? 5/12
Another area that is emphasized is:
"Our customers are required to notify us of any
knowledge they have regarding any misuse or potential misuse of the products that may result in human rights violations."
I really trust customers to report themselves. 6/12
"Our customers are required to notify us of any
knowledge they have regarding any misuse or potential misuse of the products that may result in human rights violations."
I really trust customers to report themselves. 6/12
"our CEO includes human rights concerns in nearly all of his “all hands” meetings" - pg 29
Seriously. 32 pages of this BS fluff. 7/12
Seriously. 32 pages of this BS fluff. 7/12
Their Contracts Provisions on pg 31 begins:
1. The End-User hereby represents and warrants that it and its respective employees and agents: (i)
shall fully Appendix and strictly comply with all applicable domestic laws and regulations
WTF is "Appendix"?!
8/12
1. The End-User hereby represents and warrants that it and its respective employees and agents: (i)
shall fully Appendix and strictly comply with all applicable domestic laws and regulations
WTF is "Appendix"?!
8/12
The Contracts Provision isn't even taken seriously enough to have a real word there? If we look at the rest of the words, the end user is just agreeing to obey their own laws. There's a lot of things "legal" that are horrifying and absolutely violate human rights. 9/12
So no, I do not commend NSO for this "transparency" report because I don't think there's nothing transparent about it. I was hopeful that maybe a corner was being turned, but this is clearly just a checkbox with hand waving and no real substance. 10/12
As @tiraniddo said to me, "Maybe their plan is to waste your time you could have spent looking for their zero days." That feels about right. 11/12
P.S. "part of our human rights-focused journey" definitely gave me next season of The Bachelorette vibes. 12/12
• • •
Missing some Tweet in this thread? You can try to
force a refresh
