Pegasus Project: What was your first reaction to what the Pegasus Project found out?
Edward Snowden: It's shocking. We're talking about something on the order of 50,000 phone numbers from a number of countries, something very aggressive. It's about journalists, it's about government officials, it's about representatives of the opposition, it's about human rights activists. It's terrible. Of course, I have long suspected that surveillance options are being abused. We saw that in 2013. But at that time it was exclusively governments that mostly worked internally and put pressure on commercial providers. The whole thing still had a facade of legitimacy or legality, procedures and procedures. That wasn't enough, it was still a failed concept, but at least it was something. What the Pegasus Project shows is that the NSO Group is really representing a new market for malware. It is a for-profit company. They don't care about laws, they don't care about rules. You sell to every reliable customer, where they feel they can get away with it and that they are not being discovered. The entire industry of commercial intrusion software manufacturers is based on a lie. They claim to protect lives and prevent crime, but in many countries they doSoftware used every day to spy on people who are not legitimate targets.
Read more: Jamal Khashoggi & Pegasus Project
In your opinion, what is the most important finding in terms of these revelations and the leak?
Edward Snowden: It's everywhere. It's an industry that shouldn't exist at all. We see what the NSO Group, possibly the most famous of these forces, is up to. But the NSO Group is just one company among many. If this one company smells this bad, what about all the others? The Pegasus project uncovered an industry that is the only product to offer infection vectors. They are not security products. They do not offer any form of protection and are not preventive in any way. They don't make vaccines. The only thing they sell is the virus . And to say that they only sell to states doesn't make it any better when you look at who the targets are that have just come out.
Edward Snowden: This is undoubtedly one of the most important cases. This kind of material is not something you get just like that and if you have access to it, you share it. Everyone is afraid: "It's so sensitive, you can't write about it." Or someone says, "You have put an ongoing investigation at risk with your actions." But how this consortium works together ... they take numbers whose owners are unknown and they confirm the identity of certain people without having to contact them and then they realize, "Oh, this person is a minister in a government and this person is the editor-in-chief a newspaper ... "These are big newspapers and central facilities that we rely on. Here a curtain is drawn back and a level of detail is shown.
Read also: Amazon gets Apple to remove an application that questioned their "reviews"
On a previous occasion you called smartphones a "spy in your pocket". Does this confirm your view?
Edward Snowden: It's even worse. When I talked about the spy in your pocket, it was about the potential, the ability and that these devices communicate with the cellular network and transmit your location. Facebook is spying on us , but these are mostly commercial programs. What we are seeing here, however, is the building of an industry that will hack these phones and go beyond the levels of spying we already know. These people take full control of the phone, turning it against the people who bought it and paid for it, but actually no longer own it. And these phones are clones. Devices such as the iPhone run the same software around the world. So if you find a waycracking an iPhone has found a way to crack them all . And that's what they do and that's what they sell. It is a knowledgeable, deliberate, and deliberate attack on critical infrastructure that everyone must rely on. It doesn't matter what flag you live under or what language you speak, we are all affected.
David Kaye, former United Nations Special Rapporteur on Freedom of Expression, said the global surveillance industry was out of control. Is he right?
Edward Snowden: There is not the slightest doubt about that. Paid surveillance services have existed before. Corporations could make bugs, hidden microphones, and sell them. But the state gets it or the local police get it, but then they have to break into someone's home, their car or their office, and we hope at least there is a valid court order to do so. Such operations are difficult and costly, in fact, they are only used where they are absolutely necessary and are halfway in proportion to the threat posed by the person being investigated. But if they can do the same thing from a distance, the cost is low and there is no risk, then they start doing this all the time, against anyone which is even rudimentarily of interest. And that shows a list of 50,000 people affected. You don't bug 50,000 houses. There are simply not enough bugging experts in all of these countries to do something like this. But if they can easily get access to what you carry around in your pocket, then they can and will.
Read more: The curious way Malaysia fights against illegal cryptocurrency mining
Your revelations highlighted the opportunities available to NSA and GCHQ. Do you think these governments could do this kind of espionage without the support of the private security industry?
Edward Snowden: That depends on the country. Let's talk about a very progressive country - yes, of course. If they have a highly developed technology market there - of course. But many of the most authoritarian countries - we are talking about Kazakhstan, Uzbekistan, Bahrain, for example - with their closed societies are not very friendly towards technological progress. So it is difficult to acquire these skills. But if you just pay someone to provide this as a service, then you can go ahead and do whatever you want. There is no cost to such a policy. What would the alternative be if these companies didn't exist? If governments just said, "We can't spy on anyone, we can't continue our investigation, That would be a difficult and costly undertaking. It would be inefficient. But we want that. These people aren't developers, they don't develop anything useful. They are infecters. They're creating ways to create some kind of disease in cell phones. You will find weaknesses, unvaccinated entry points. It's like an industry that only develops tailor-made Covid variants that are immune to the vaccines. That would be a difficult and costly undertaking. It would be inefficient. But we want that. These people aren't developers, they don't develop anything useful. They are infecters. They're creating ways to create some kind of disease in cell phones. You will find weaknesses, unvaccinated entry points. It's like an industry that only develops tailor-made Covid variants that are immune to the vaccines.
And that's what they sell, for your phone, for your computer. In other areas, such as the development of biological weapons, we cannot stop states. And what NSO created infected devices across borders, it infected clusters in communities with one patient zero. They infect all of their friends, all of their colleagues, all of the people they meet. And that wouldn't have happened - at least not in so many places, not so easily and at the same cost - if these companies hadn't been allowed to spread the virus for profit. NSO is not doing this to save the world, but for one reason - to make money.
Edward Snowden: Like all malware providers on the market, the Pegasus toolkit pursues the goal of remote code execution. This also applies to the non-commercial providers with whose help hackers around the world equip PCs with ransomware and steal money directly. In this way you can access a device without the user having to do anything, you can search for errors in the software on this device and you can run your own software, your own programs, your own instructions without the user committing any kind of error give. And according to the public, that's what Pegasus is doing. So you have achieved your goal. But at what price for society?
Read also: The new iPhone could include "Always-On-Display" technology
Who should we be more afraid of, the NSA or the NSO?
Edward Snowden: That leads back to a question that came up when I went public in 2013. People said, "Why are you afraid of the state when there are commercial companies spying on people just as much?" They thought of Facebook, Google, Amazon. And the answer was always: "As bad as what the companies do, at least they can't throw you in jail. You can't hit your car with a missile. They don't order drone strikes." So let's focus first and foremost on the state, and after reforming it, we take care of the companies. The states have stopped their reform efforts and there have been no reforms of any kind in terms of commercial surveillance methods. It has been nearly a decade since 2013, and we have seen companies like NSO Group born that run a business like never before. They don't offer any things for sale. They put people in jail, they see to it that they are killed. We're talking about a private company doing hacks in a way the NSA could too. And that should scare us more than anything, because we're not just dealing with a single company, but an entire industry.
Who do we hold accountable in this case? The company or state using this spyware?
Edward Snowden: The correct answer is of course: both. But it's not about who you hold accountable in Israel, for example, or in this particular company, for example. In my opinion, everyone who enters this market should be criminally responsible. There must be a global moratorium on the commercial trade in exploits or attack vectors. But we have to do things like conservation research. To do this, we prohibit trade and deprive the people who do of their motive for profit. If the NSO Group couldn't make money from it, it would shut down the day after tomorrow, as would all the other companies in the field. But we also need to ask ourselves a more general question in Europe and the United States: How can these companies be so commercially successful and so boldly expand around the globe? Obviously, our regulatory measures have failed. For ten years Europe has been thinking: "Maybe we can control it, maybe the problem can be solved with export controls?" Today, however, we see that export controls have completely failed in the task of controlling the impact the commercial malware industry is having on the public. And if export controls and lighter regulation don't work, then we need to think about more serious measures. In my opinion, this problem can only be solved if we place a global moratorium on the trade in this type of technology. For ten years Europe has been thinking: "Maybe we can control it, maybe the problem can be solved with export controls?" Today, however, we see that export controls have completely failed in the task of controlling the impact the commercial malware industry is having on the public. And if export controls and lighter regulation don't work, then we need to think about more serious measures. In my opinion, this problem can only be solved if we place a global moratorium on the trade in this type of technology. For ten years Europe has been thinking: "Maybe we can control it, maybe the problem can be solved with export controls?" Today, however, we see that export controls have completely failed in the task of controlling the impact the commercial malware industry is having on the public. And if export controls and lighter regulation don't work, then we need to think about more serious measures. In my opinion, this problem can only be solved if we place a global moratorium on the trade in this type of technology. that export controls have totally failed in the task of controlling the impact the commercial malware industry is having on the public. And if export controls and lighter regulation don't work, then we need to think about more serious measures. In my opinion, this problem can only be solved if we place a global moratorium on the trade in this type of technology. that export controls have totally failed in the task of controlling the impact the commercial malware industry is having on the public. And if export controls and lighter regulation don't work, then we need to think about more serious measures. In my opinion, this problem can only be solved if we place a global moratorium on the trade in this type of technology.
Read more: Netflix Now Wants To Make Video Games
Edward Snowden: What can people do to protect themselves from nuclear weapons? What can you do to protect yourself from biological or chemical weapons? There are certain industries, certain branches of the economy, from which there is no protection. For this reason we try to limit the proliferation of these technologies. We do not condone a commercial market for nuclear weapons. We do not condone commercial market for chemical or biological weapons. But when it comes to these malicious digital attack vectors, we don't do anything. We have to stop selling this intrusion technology. That's the only way we can protect ourselves. The point is to support a global moratorium on this trade.
Do You Know What I Have Posted on
0 Comments