NEW: clear US policy towards mercenary spyware industry in the new #NDAA.

And it's *bad news* for shady spyware companies.

Quick thread of highlights from Sec 6318 of this robust bit of legislation 1/
2/ First, there's a yearly reporting requirement from the intelligence community.

Including deep dive into the finances, corporate structures of mercenary spyware companies.

And their customers.

And who is actually being hacked + whether that includes targeting of US. #NDAA
3/ Next, the DNI gets the authority to prohibit purchase & use by USG of mercenary spyware.

AND can block US Intelligence from doing biz with companies that have acquired mercenary spyware.

There is a waiver authority.
4/ DNI is also directed to beef up guidance & reporting on protecting devices from foreign commercial #spyware.

+ requirement that appropriate Congressional committees get briefed if US personnel get targeted.

+ consultation with private sector to identify risks.

#NDAA
5/ #NDAA also directs DNI to report to Congress on potential for US to lead allies & Five Eyes partners to a harmonized effort to mitigate counterintelligence risks of foreign commercial #spyware.

Nightmare fuel for notorious mercenary spyware companies.
6/ Compared to original #NDAA, I note sanctions language is out, but this remains a promising first step towards tackling foreign commercial #spyware.

Let harmonization with allies begin...

NDAA amendments (I've been tweeting Sec. 6318) rules.house.gov/sites/democrat…


