"The first thing I do when I get a new phone is take it apart.
I don’t do this to satisfy a tinkerer’s urge, or out of political principle, but simply because it is unsafe to operate.
Fixing the hardware, which is to say surgically removing the two or three (1/43)
@wikileaks tiny microphones hidden inside, is only the first step of an arduous process, and yet even after days of these DIY security improvements, my smartphone will remain the most dangerous item I possess.
The microphones inside my actual phone, prepped for surgery
Prior to (2/43)
@wikileaks this week’s Pegasus Project, a global reporting effort by major newspapers to expose the fatal consequences of the NSO Group—the new private-sector face of an out-of-control Insecurity Industry—
most smartphone manufacturers along with much of the world press (3/43)
@wikileaks collectively rolled their eyes at me whenever I publicly identified a fresh-out-of-the-box iPhone as a potentially lethal threat.
Despite years of reporting that implicated the NSO Group’s for-profit hacking of phones in the deaths and detentions of journalists and (4/43)
despite years of reporting that smartphone operating systems were riddled with catastrophic security flaws
(a circumstance aggravated by their code having been written in aging programming languages that have long been regarded as unsafe); (5/43)
@wikileaks and despite years of reporting that even when everything works as intended, the mobile ecosystem is a dystopian hellscape of end-user monitoring and outright end-user manipulation,
it is still hard for many people to accept that something that feels good may not in (6/43)
Over the last eight years I’ve often felt like someone trying to convince their one friend who refuses to grow up to quit smoking and cut back on the booze—meanwhile, the magazine ads still say “Nine of Ten Doctors Smoke iPhones!” and “Unsecured Mobile (7/43)
In my infinite optimism, however, I can’t help but regard the arrival of the Pegasus Project as a turning-point—a well-researched, exhaustively-sourced, and frankly crazy-making story about a “winged” “Trojan Horse” infection named “Pegasus” (8/43)
@wikileaks that basically turns the phone in your pocket into an all-powerful tracking device that can be turned on or off, remotely, unbeknownst to you, the pocket’s owner.
...
In short, the phone in your hand exists in a state of perpetual insecurity, open to infection by (9/43)
@wikileaks anyone willing to put money in the hand of this new Insecurity Industry.
The entirety of this Industry’s business involves cooking up new kinds of infections that will bypass the very latest digital vaccines—AKA security updates—and then selling them to countries that (10/43)
@wikileaks occupy the red-hot intersection of a Venn Diagram between “desperately craves the tools of oppression” and “sorely lacks the sophistication to produce them domestically.”
An Industry like this, whose sole purpose is the production of vulnerability, should be dismantled. (11/43)
2. Even if we woke up tomorrow and the NSO Group and all of its private-sector ilk had been wiped out by the eruption of a particularly public-minded volcano, it wouldn’t change the fact that we’re in the midst of the greatest crisis of computer security (12/43)
The people creating the software behind every device of any significance—the people who help to make Apple, Google, Microsoft, an amalgamation of miserly chipmakers who want to sell things, not fix things, and the well-intentioned Linux developers (13/43)
@wikileaks who want to fix things, not sell things—are all happy to write code in programming languages that we know are unsafe, because, well, that’s what they’ve always done,
and modernization requires a significant effort, not to mention significant expenditures.
The vast (14/43)
@wikileaks majority of vulnerabilities that are later discovered and exploited by the Insecurity Industry are introduced, for technical reasons related to how a computer keeps track of what it’s supposed to be doing, at the exact time the code is written, which makes choosing a (15/43)
@wikileaks safer language a crucial protection... and yet it’s one that few ever undertake.
If you want to see change, you need to incentivize change. For example, if you want to see Microsoft have a heart attack, talk about the idea of defining legal liability for bad code in a (16/43)
If you want to give Facebook nightmares, talk about the idea of making it legally liable for any and all leaks of our personal records that a jury can be persuaded were unnecessarily collected.
Imagine how quickly Mark Zuckerberg would start (17/43)
Where there is no liability, there is no accountability... and this brings us to the State.
3. State-sponsored hacking has become such a regular competition that it should have its own Olympic category in Tokyo.
Each country denounces the (18/43)
@wikileaks others’ efforts as a crime, while refusing to admit culpability for its own infractions. How, then, can we claim to be surprised when Jamaica shows up with its own bobsled team?
Or when a private company calling itself “Jamaica” shows up and claims the same right to (19/43)
This is the superficially logical reasoning that has produced pretty much every proliferation problem in the history of arms control, and the same mutually assured destruction implied by a nuclear conflict is all-but guaranteed in a digital one, due to the (21/43)
@wikileaks network’s interconnectivity, and homogeneity.
Recall our earlier topic of the NSO Group’s Pegasus, which especially but not exclusively targets iPhones.
While iPhones are more private by default and, occasionally, better-engineered from a security perspective than (22/43)
@wikileaks Google’s Android operating system, they also constitute a monoculture:
if you find a way to infect one of them, you can (probably) infect all of them, a problem exacerbated by Apple’s black-box refusal to permit customers to make any meaningful modifications to the way (23/43)
When you combine this monoculture and black-boxing with Apple’s nearly universal popularity among the global elite, the reasons for the NSO Group’s iPhone fixation become apparent.
Governments must come to understand that permitting—much less (24/43)
@wikileaks subsidizing—the existence of the NSO Group and its malevolent peers does not serve their interests, regardless of where the client, or the client-state, is situated along the authoritarian axis:
the last President of the United States spent all of his time in office (25/43)
@wikileaks when he wasn’t playing golf tweeting from an iPhone, and I would wager that half of the most senior officials and their associates in every other country were reading those tweets on their iPhones
(maybe on the golf course).
Whether we like it or not, adversaries and (26/43)
@wikileaks allies share a common environment, and with each passing day, we become increasingly dependent on devices that run a common code.
The idea that the great powers of our era—America, China, Russia, even Israel—are interested in, say, Azerbaijian attaining strategic parity (27/43)
@wikileaks in intelligence-gathering is, of course, profoundly mistaken.
These governments have simply failed to grasp the threat, because the capability-gap hasn’t vanished—yet.
Subscribe now
4. In technology as in public health, to protect anyone, we must protect everyone. (28/43)
@wikileaks The first step in this direction—at least the first digital step—must be to ban the commercial trade in intrusion software.
We do not permit a market in biological infections-as-a-service, and the same must be true for digital infections.
Eliminating the profit (29/43)
@wikileaks motive reduces the risks of proliferation while protecting progress, leaving room for publicly-minded research and inherently governmental work.
While removing intrusion software from the commercial market doesn’t also take it away from states, it does ensure that (30/43)
@wikileaks reckless drug dealers and sex-criminal Hollywood producers who can dig a few million out of their couch cushions won’t be able to infect any or every iPhone on the planet, endangering the latte-class’ shiny slabs of status.
Such a moratorium, however, is mere triage: (31/43)
It is crucial to understand that neither the scale of the NSO Group’s business, nor the consequences it has inflicted on global society, would have been possible without access to global capital from (32/43)
@wikileaks amoral firms like Novalpina Capital (Europe) and Francisco Partners (US).
The slogan is simple:
if companies are not divested, the owners should be arrested. (33/43)
@wikileaks The exclusive product of this industry is intentional, foreseeable harm, and these companies are witting accomplices. (34/43)
@wikileaks Further, when, a business is discovered to be engaging in such activities at the direction of a state, liability should move beyond more pedestrian civil and criminal codes to invoke a coordinated international response.
Diplomacy by other means 5. (35/43)
@wikileaks Imagine you’re the Washington Post’s Editorial Board (first you’ll have to get rid of your spine). (36/43)
@wikileaks Imagine having your columnist murdered and responding with a whispered appeal to the architects of that murder that next time they should just fill out a bit more paperwork. (37/43)
@wikileaks Frankly, the Post’s response to the NSO scandal is so embarrassingly weak that it is a scandal in itself:
how many of their writers need to die for them to be persuaded that process is not a substitute for prohibition? (38/43)
@wikileaks Saudi Arabia, using “Pegasus,” hacked the phones of Jamal Khashoggi’s ex-wife, and of his fiancée, and used the information gleaned to prepare for his monstrous killing and its subsequent cover-up. (39/43)
@wikileaks But Khashoggi is merely the most prominent of Pegasus’ victims — due to the cold-blooded and grisly nature of his murder.
The NSO Group’s “product” (read: “criminal service”) has been used to spy on countless other journalists, judges, and even teachers. (40/43)
@wikileaks On opposition candidates, and on targets’ spouses and children, their doctors, their lawyers, and even their priests.
This is what people who think a ban is “too extreme” always miss: (41/43)
• • •
Missing some Tweet in this thread? You can try to
force a refresh
@allthecitizens "The lack of robust mitigation measures in schools puts children at greater risk of covid-19 infection and its consequences
To: • The Rt Hon Gavin Williamson MP
...
We write as researchers, parents, and educators concerned about the impact of the pandemic on (1/39)
@allthecitizens children’s education. Like you, and in agreement with the
World Health Organization
(WHO), we recognise the importance of schools staying open over the autumn and in the longer term. However, as the WHO also notes, schools must be made safe by adopting measures to (2/39)
@allthecitizens minimise transmission of the SARS-CoV-2 virus. We are therefore writing to express our concerns about the lack of mitigations for children and educational staff, and the subsequent risk to children from covid-19 as schools reopen in England this September. We offer nine (3/39)
“Western intelligence agencies were so consumed with "counter-terrorism" that they failed to see the new dynamics at play. Certainly, that might explain the Biden administration’s assessment of the long months it would take before the regime of (1/33)
@MintPressNews Afghanistan's President Ashraf Ghani was at risk of falling.
Explicit assurances
The Taliban we see today is a far more complex, multi-ethnic and sophisticated coalition, which is why they have been able, at such breathtaking speed, to topple the western-installed (2/33)
They talk about Afghan political inclusion - and look to Iran, Russia, China and Pakistan for mediation, and to facilitate their place in the "Great Game".
The writing had long been written in blood on the wall for Afghanistan - there is a (3/33)
The recent ONS schools infection survey reported that case rates in school children were lower in June 2021 than they were in November 2020. They concluded that schools in England were not “hubs of infection,” in part due to measures in place (2/27)
@bmj_latest@chrischirp last summer such as frequent testing, isolation of contacts of new cases in schools, mask wearing (which continued in many schools even after 17 May 2021 when this was no longer mandatory), and low rates of covid in the community.
"The concept of the enemy is fundamental to conspiracy thinking — and to the various taxonomies of conspiracy itself.
Jesse Walker, an editor at Reason and author of The United States of Paranoia: A Conspiracy Theory (2013), offers the following (1/19)
@ggreenwald categories of enemy-based conspiracy thinking:
“Enemy Outside,” which pertains to conspiracy theories perpetrated by or based on actors scheming against a given identity-community from outside of it
“Enemy Within,” which pertains to conspiracy theories perpetrated by (2/19)
@ggreenwald or based on actors scheming against a given identity-community from inside of it
“Enemy Above,” which pertains to conspiracy theories perpetrated by or based on actors manipulating events from within the circles of power (government, military, the intelligence (3/19)
@wikileaks The motto of the United States Army’s Special Forces was to my younger self a hook so perfectly baited as to be irresistable:
De Oppresso Liber—“To Free the Oppressed.” (6/22)
@wikileaks Shamefully, it took me a very long time, peering down from my technocratic perch at the CIA and later the NSA, to apprehend the nature of my work:
transforming the internet—a liberating, democratizing tool—into an architecture of oppression. (7/22)
@wikileaks But before I took that step toward clarity, I struggled to apprehend the nature of our violence in Afghanistan and especially in Iraq.
“You are either with us or you are against us in the fight against terror,” said Bush the Younger. (8/22)