CyberJAGO Thoughts & Opinions

Sharing a Pragmatic View of Cybersecurity

Contending The Digital Surveillance World

The U.S. Supreme Court recently ruled that Meta’s WhatsApp can proceed with its lawsuit against an Israeli technology company it accuses of exploiting a vulnerability in the messaging app to install software to spy on 1,400 of its users, including journalists, rights activists, dissidents and lawyers.

The court rejected NSO’s claim that it can’t be sued because it was acting as an agent for unidentified foreign governments when it installed the Pegasus software.  NSO, which has been sued by Apple on similar grounds, maintains that its technology helps security officials catch terrorists and criminals.

I’d like to focus on what happens when we create something with one declared intention, but it can be twisted to serve nefarious purposes. “With great power comes great responsibility,” as Spider-Man would say (channeling Voltaire!). It’s not enough to count on the technology’s developer to monitor the software for abuse.

It’s also just a matter of time before somebody else breaks into a company like NSO and puts this type of extremely powerful surveillance software on the black market.  There, it can be used in entirely different contexts, like going after companies and spying on their senior executives and boards.

We must have an honest discussion about the unintended or undeclared consequences of what is being produced. In some cases, when something starts out with a noble cause, it’s just a matter of time before it spins out of control and turns into something grave.  As a society, we need to draw a line and say, we cannot bear the consequences.  There must be a robust and public debate about what nefarious consequences could be and are being unleashed by this technology.

This means getting back to basics, to the root. If something isn’t trusted, then access has to be denied.

We should be pushing more companies to be more transparent about how they control what is allowed into their platforms so they don’t become platforms where this kind of odious business can flourish.  Mobile phone companies and computer companies need to have greater control over what’s allowed on their devices.

The industry needs more debate over what kind of controls we should be pushing for.  We need more debate over how to push device makers to place controls on their devices to block things such as surveillance software from infecting them.  The reason for this debate is that we, as professionals and gatekeepers, should be doing good.

Today, there’s zero debate. The way things stand now, we just have to trust device makers to do the right thing, because they’re closed source.

There is also the matter of what criteria companies use when selling these types of dual-use software. And we must not delude ourselves: even if something isn’t sold to a country because it’s blacklisted, that country could get it from another source.

The scary part of all this is that the problematic software we know about is just that – what we know about.  Just imagine all that is unknown. 
