Google and Kids: The School Push Squeezes Some New Concessions… Allegedly

August 1, 2022

I read “Chrome Use Subject to Restrictions in Dutch Schools over Data Security Concerns.” The write up reports:

Several schools and other educational organizations are having to restrict usage of Google’s software, including its Chrome browser and Chrome OS offerings over security and privacy fears. The Dutch Ministry of Education has ordered the country’s education industry to implement the changes following over fears that Google’s software is in conflict with the General Data Protection Regulation (GDPR) and other privacy-related regulations in the country.

I am not surprised. I noted that the article presents some familiar wordage; for example:

… The ministers discussed these issues with the representatives of Google, Microsoft, and Zoom, and that these companies assured the ministers that their future versions will be more transparent, and more compatible, with the country’s (and the EU bloc’s) privacy and data protection laws.

I like the “assured the ministers” phrase. It reminds me of “Senator, thank you for the question. I will forward the information to your office. And I am sorry, really, really sorry. We are constantly trying to improve.”

Improve what?

Well, in my opinion it is the collection of fine grained data, actionable intelligence, and insight into what those kiddies are doing. But that’s just my point of view. The giant technology firms just want to do good. No, really.

Do good.

Those assurances sparked an update to the original article and guess what?

… Chrome and Chrome OS are not banned in the education sector of the country, and that schools may continue using them provided that they perform certain actions themselves to strengthen data security and ensure student privacy.

Progress.

Stephen E Arnold, August 1, 2022

Surprise: NSO Group Pegasus Is in the News Again

July 28, 2022

On July 27, 2022, the winged wonder Pegasus cast a shadow over the desks of the House Intelligence Committee. The flapping of the mythical creature’s wings could not be stilled. Gavel pounding, heavy breathing from lobbyists in the gallery, and convoluted statements by elected leaders did not cause the beastie to fly away. Nope. Pegasus with its NSO Group logo branded on its comely haunch was present. Even mythical creatures can leave behind a mess.

And it appears as if the mess is semi-permanent and odiferous.

“We’re Likely Only Seeing the Tip of the Iceberg of Pegasus Spyware Use Against the US” states:

US lawmakers heard testimony from Citizen Lab senior researcher John Scott-Railton; Shane Huntley, who leads Google’s Threat Analysis Group; and Carine Kanimba, whose father was the inspiration for Hotel Rwanda and who was, herself, targeted by Pegasus spyware. This, of course, is the now-infamous malware that its developer, Israel’s NSO Group, claims is only sold to legitimate government agencies — not private companies or individuals. Once installed on a victim’s device, Pegasus can, among other things, secretly snoop on that person’s calls, messages, and other activities, and access their phone’s camera without permission.

I like the Hotel Rwanda reference. Younger elected officials may not know much about intelware, but they definitely know about the motion picture in my opinion. Hutus Tutsis and a big box office. A target of Pegasus. Credibility? Yep.

The hearings continue on July 28, 2022. According to the article:

Schiff called NSO’s software and similar eavesdropping tools “a threat to Americans,” and pointed to news reports from last year about cellphones belonging to US diplomats in Uganda being compromised by Pegasus. “It is my belief that we are very likely looking at the tip of the iceberg, and that other US government personnel have had their devices compromised, whether by a nation-state using NSO’s services or tools offered by one of its lesser known but equally potent competitors,” Schiff said.

Google — the go to source for objective information — is allegedly tracking 30 firms “that sell exploits or surveillance capabilities to government-backed groups.”

Just 30? Interesting, but, hey, Google knows surveillance cold I suppose.

A handful of observations:

  1. NSO Group’s Pegasus continues to capture attention like a Kentucky Derby winner which allegedly has banned substances rubbed on its belly. Some of those rub ons have a powerful scent. Even a boozy race track veterinarian can wince when checking a specific thoroughbred’s nether region.
  2. The knock on effect of NSO Group’s alleged management oversight means that scrutiny of intelware companies is going to spotlight the founders, funders, and stakeholders. I think this is like a deer standing on railroad tracks mesmerized by the bright white light heading down the rails at 60 miles per hour. In the train versus deer competitions in the past, trains hold a decided advantage.
  3. Individual companies in the specialized software business face an uncertain future.

How uncertain?

Regulations and bans seem to be on the menus in a number of countries. Also, there are a finite number of big dollar contracts for specialized software and smaller firms are going to have to get big fast, sell out to a larger company with multiple lines of law enforcement, defense, and intelligence revenue, or find a way to market without marketing “too well.”

And the “too well”?

Since NSO Group’s spotlight appearances, smaller intelware companies have had to be very careful about their sales and marketing activities. Why? There are reporters from big time newspapers nosing around for information. There are online podcasts which have guests who talk about what specialized software can do, where the data originate, and how a “food chain” of information providers provide high value information. There are the tireless contributors of Twitter’s #OSINT threads who offer sometimes dumb and less frequently high-value nuggets about specialized services vendors. Finally, there are the marketers at specialized services firms themselves who use email blasts to tout their latest breakthroughs. Other small specialized software vendors prowl the niche law enforcement and intelligence conferences in search of sales leads. In some cases, there are more marketers than there are individuals who can license a data set, an analytics package, or the whole enchilada needed to monitor — how shall I phrase it — comprehensively. These energetic marketers learn that their employer becomes a journalist’s subject of interest.

Net net: When I reflect on the golden years of specialized software and services marketing, testing, and deploying, I have one hypothesis: NSO Group’s visibility has changed the game. There will be losers and a very few big winners. Who could have foreseen specialized software and services working like a bet on the baccarat tables in Monaco? Who anticipated NSO Group-type technology becoming “personal” to the US? I sure did not. The light at the end of the tunnel, once the train clears the deer, is that the discipline of “marketing without marketing too much” may become mainstream in France, Germany, Israel, Switzerland, and the US. I hear that train a-comin’ do you?

Stephen E Arnold, July 28, 2022

Google and Russia: How Many Rubles Does the Online Ad Giant Have Tucked Away?

July 28, 2022

There is something called a special action underway in Eastern Europe. The knock on effects are interesting. I thought about how Google will pay a fine to a country involved in a dust up, operating under sanctions, and functioning without some of the banking services available to more acceptable nation states; for example, Luxembourg, Monaco, and a number of others. This thought was sparked by the allegedly accurate information in “Russia Fines Google $358 Million for Not Removing Banned Info.” The cited article states:

Due to the multiple violations of the same legal requirement, the following fine would be revenue-based, reaching as high as 10% of the firm’s annual turnover. Roskomnadzor clarifies that the massive fine of $358 million was indeed calculated on the basis of the company’s annual business turnover in Russia.

The write up added:

Following the Russian invasion of Ukraine and the sweeping anti-fake news laws enacted in the country, the Russian Google subsidiary, Google LLC, was forced to file for bankruptcy, claiming incapacity to continue business after a series of massive fines and, ultimately, asset confiscation.

Several questions:

  • What happens to the Russian YouTube content providers’ money? Will Google “hold” the money and invest it? Who gets the payout?
  • Will Google dip into its bag of non-US currencies and pay Russia or will that create an additional legal headache and increased financial costs?
  • Will Sergey Brin explore a ride on a Russian rocket once the possibly-improper fine is resolved?
  • How many violations can Russian officials identify? What will the price tag be if future violations of Russia’s laws, rules, and regulations are identified and levied?

And those lost advertising dollars? Yikes. That’s not good for Alphabet Google YouTube DeepMind stakeholders? Does DeepMind have a solution? Will Russian YouTube content providers trust DeepMind’s unbiased answer?

Stephen E Arnold, July 28, 2022

Marketing Craziness Okay or Not? Socks Not Software May Provide Some Answers

July 27, 2022

I recall reading about a mid tier consulting firm which “discovered” via real mostly research that software may not work. The Powerpoints and the demos explain the big rock candy mountain world. Then the software arrives, and one gets some weird treat enjoyed east of Albania or north of Nunavut. Companies may sue software vendors, but those trials sort of whimper and die. I mean software. Obviously it does not work.

But socks or sox as some prefer are different.

I read “Bass Pro Getting Sued for Not Honoring Guarantee for ‘Redhead Lifetime Guarantee All-Purpose Wool Socks.’” Yeah, socks. The write up states:

If a company puts “Lifetime Guarantee” into the name of one of its products, you would expect the product to have a lifetime guarantee. But in the case of Bass Pro, Lifetime Guarantee is apparently shorthand for “If your lifetime guarantee socks fail we will replace them with an inferior sock with a 60 day guarantee.” A man who bought a bunch of “Redhead Lifetime Guarantee All-Purpose Wool Socks” is now suing Bass Pro for being deceptive.

What about the unlimited data offered by major US telecommunications companies? How did that work out? My recollection is that “unlimited” means “limited.” Plus, the telcos can change the rules and the rates with some flexibility. What about Internet Service Providers selling 200 megabits per second and delivering on a good day maybe 30 mbs if that?

The answer is pretty clear to me. Big companies define their marketing baloney to mean whatever benefits them.

Will the socks or sox matter resolve the issue?

Sure. The consumer is king in the land of giant companies. If you want your software to work, don’t use it. If you want hole free socks, don’t wear them.

Simple fix which regulatory agencies are just thrilled to view as logical and harmless. Those guarantees were crafted by a 23 year old music theory major who specializes in 16th century religious music. What does that person know about software or socks?

Stephen E Arnold, July 27, 2022

The Engadget Facebook Entanglement

July 22, 2022

Engadget is a Silicon Valley type of “real” news outfit in my opinion. The online information service published “Fired Employee Claims Facebook Created Secret Tool to Read Users’ Deleted Messages.” The main idea is that Engadget presents information illustrating some fancy dancing at Facebook. The source is a “former employee.”

The write up reports:

a fired Meta employee who claims the company set up a “protocol” to pull up certain users’ deleted posts and hand them over to law enforcement.

Interesting.

I have heard that Facebook, like some other online outfits with oodles of data, has a procedure in place to respond to legally-okayed requests for certain information. I have also heard that Facebook, like other big time information outfits, does not have the resources to respond to requests as quickly as some officials desire. At one conference, I heard a remark that suggested some Facebook professionals were often busy with other prioritized tasks. The legally-okayed requests were placed in a queue. Eventually the Zuckers got to the requests.

Pace, energy, and responsiveness — these are often the hallmarks of a successful investigation. When absent, the momentum is embedded in digital Jell-O. The treat comes in one flavor: Bureaucratic blueberry, a tangy and bitter treat.

The write up points out this allegation presented in a former employee’s complaint:

a Facebook manager briefed Lawson [a former employee who presented the information] on a new tool which, “allowed them to circumvent Facebook’s normal privacy protocols in order to access user-deleted data.”

The article explains Facebook’s alleged actions, its software tools, and the former employee’s actions regarding a method for viewing deleted content.

Several questions:

  1. The question is, “Are data really deleted or are pointers removed and the data remain in the system?” In my experience, “removing” data can be a tricky and resource intensive process.
  2. Another question which occurred to me was, “Is this alleged behavior of the Zuckbook surprising based on the firm’s behaviors manifested in Congressional hearings over the last five years?” I know that I was not surprised.
  3. What are the consequences for Facebook if the allegations are in fact true? An engineer can explain that such and such a tool was little more than a modified utility routinely used to determine what content is consuming storage space allocated for a particular data table. Will the legal eagles be able to resolve a repurposed utility designed to investigate storage space?

I am also intrigued with Engadget’s interest in Facebook. My question is, “What’s the entanglement at a distance between these two remarkable companies?” Engadget finds leakers. Leakers find Engadget. Facebook stories are like replays of events on “Live at Five” TV news programs. Repetitive and routine whether “real” or cooked up like a presenter’s recollection of an event like taking fire in a helicopter flying in a war zone.

Stephen E Arnold, July 22, 2022

Ka-Ching: The Old Sound of New Revenue for the European Union

July 21, 2022

New billing cycle begins. Two benefits. The first is more revenue from fines on US big tech money spinners and the second is a good old school slide tackle with the cleats up. Ouch.

“DMA: Council Gives Final Approval to New Rules for Fair Competition Online” states:

The [Digital Marketing Act] DMA ensures a digital level playing field that establishes clear rights and rules for large online platforms (‘gatekeepers’) and makes sure that none of them abuses their position. Regulating the digital market at EU level will create a fair and competitive digital environment, allowing companies and consumers to benefit from digital opportunities.

And the bold face? That was part of the cited announcement. Ka-ching, slide, oh, broken shin, too bad, mon ami.

The write up elaborated that the Silicon Valley type of logical and efficiency centric companies will no longer be allowed to:

  • rank their own products or services higher than those of others (self-preferencing)
  • pre-install certain apps or software, or prevent users from easily un-installing these apps or software
  • require the most important software (e.g. web browsers) to be installed by default when installing an operating system
  • prevent developers from using third-party payment platforms for app sales
  • reuse private data collected during a service for the purposes of another service.

Now the ka-ching part. Fines can be up to 20 percent of worldwide revenues. That means that the fines levied by Russia’s estimable agencies are small, brown, shriveled potatoes.

Then the slide tackle: The high tech “way above the clouds in self confidence and entitlement” will have to “inform the European Commission of their acquisitions and mergers.”

Well, so what? That’s an email, right?

Not so fast. A failure to “inform” means the 20 percent fee kicks in. A sluggishness, a bad attitude, and the old let’s apologize tactic will beget additional legislation.

What if the big dude-oids don’t follow the rules?

Just between you and me, okay, renting an apartment in France can be complicated. Now imagine how complicated it will become when the EU creates an environment in which regulatory authorities take a close interest in any touch point with a member. How about flying into Frankfurt and being escorted to a return flight to the US? What about a private jet with a happy Silicon Valley-type logo on its tail being refused access to air space? What about some of those interesting employer-employee requirements: Lunch for a French staff in Paris is trivial to employment regulations not codified in a single law.

The write up resonates with that most musical sound: Ka-ching, ka-ching, ka-ching. Why? The agreement was adopted.

Stephen E Arnold, July 21, 2022

NSO Group: Lobbying Is Often Helpful

July 20, 2022

More NSO Group news. “Pegasus Spyware Maker NSO Is Conducting a Lobbying Campaign to Get Off U.S. Blacklist.” The article states as actual factual:

NSO has invested hundreds of thousands of dollars in the past year in payments to lobbyists, public relations companies and law firms in the U.S., in the hope of reversing the Biden administration’s November decision, according to public records filed under the Foreign Agent Registration Act and conversations with people familiar with the effort. These firms have approached members of the U.S. House and Senate, as well as various media outlets and think tanks across the U.S., on NSO’s behalf.

Who knew? NSO Group has been able to attract media attention for months.

The write up points out:

NSO is trying to get the matter raised during a meeting between U.S. President Joe Biden and Israeli Prime Minister Yair Lapid when the former visits Israel this week. In addition, NSO lobbyists unsuccessfully tried to set up a meeting between representatives of the company and U.S. National Security Adviser Jake Sullivan, but it did not take place. Asked for comment, an NSO spokesperson declined to comment on the campaign but “thanked” Shomrim for publishing an article on its efforts, which he described as “supportive.”

Interesting. Why won’t world leaders do what a high tech outfit providing specialized services wants?

NSO Group has been trying to explain its position; for example, the cited article notes:

In a different letter distributed by the firm this year, NSO states it has “developed a human rights governance compliance program,” saying it would conduct a review of all users to see whether they might use the technology used to “violate human rights.”

In my upcoming lecture for a law enforcement group, I point out that with each passing day it is increasingly difficult to figure out what information is “valid”. As a result, the utility of open source information is eroding. Perhaps the Golden Age of OSINT is darkened with weaponized information?

Interesting?

Stephen E Arnold, July 20, 2022

EU Consumer Groups File Privacy Complaints Against Google

July 19, 2022

The EU’s General Data Protection Regulation specifies platforms must protect users’ privacy “by design and by default.” However, the European Consumer Organisation (BEUC) asserts Google’s registration process violates that regulation. The BBC reports, “Google Sign-Up ‘Fast Track to Surveillance’, Consumer Groups Say.” The BEUC is leading a band of 10 consumer organizations in filing complaints against the company with data-protection authorities in several European countries. The Federation of German Consumer Organisations has gone so far as to send Google a warning letter. The article notes:

“The [BEUC] believes sign-up is the critical point at which Google asks users to choose how their account will operate. But the simplest one step ‘express personalisation’ process, it alleges, leaves consumers with account settings that ‘feed Google’s surveillance activities’. And the consumer organisation says Google does not provide users with the option to turn all settings ‘off’ in one click. Instead, BEUC says, it takes five steps and ten clicks to turn off the trackers Google wants to activate on a new account – these relate to web and app activity, YouTube history and personalised advertising on their account. Ursula Pachl, deputy director general of the BEUC, said: ‘It takes one simple step to let Google monitor and exploit everything you do. If you want to benefit from privacy-friendly settings, you must navigate through a longer process and a mix of unclear and misleading options’. Ms Pachl added: ‘In short, when you create a Google account, you are subjected to surveillance by design and by default. Instead, privacy protection should be the default and easiest choice for consumers.'”

We are reminded Google requires registration before one can use most of its ubiquitous services. Google insists its sign-up process makes users’ privacy options clear and simple to navigate. That may be a matter of opinion, depending on how tech savvy one is, but the insistence is a red herring. The point is that requiring users to jump through hoops to secure privacy means it cannot be considered the “default” setting, as the law requires. The effort to bring these complaints emerges as a similar complaint filed by the BEUC in Ireland in 2018 is said to be making progress, with a draft decision expected in a matter of months. Perhaps one or more of these actions will result in penalties large enough that Google cannot shrug them off as easily as a strongly worded letter. Hey, anything is possible.

Cynthia Murrell, July 22, 2022

The Zuck Thing: We Capture Data. You Are Not Permitted to Capture Facebook Data

July 12, 2022

Does anyone remember Eric Schmidt, the alleged Google adult? That senior manager was outraged about open source information about him. You can refresh your memory by scanning this CNet article. Now the Zuckster is annoyed with third parties downloading data available to anyone from Facebook aka Zuckbook. The idea! Take. Info. From. Facebook. “Meta Sues a Site Cloner Who Allegedly Scraped over 350,000 Instagram Profiles” reports:

On Tuesday [July 5, 2022], the company filed separate federal lawsuits against a company called Octopus and an individual named Ekrem Ateş. According to Meta, the former is the US subsidiary of a Chinese multinational tech firm that offers data scraping-for-hire services to individuals and companies.

I find the big company reaction amusing. It is not as hilarious as the Ernst & Young professionals who allegedly took short cuts to pass an ethics test. Nor is it up to the level of MBAism demonstrated by some McKinsey professionals in their fancy dancing about the “opioid” engagements. But it is pretty funny to me.

It might be a tough call if I were asked to identify the most surveillance oriented big tech company. I have some possible outfits in mind; for example, possibly Amazon, Apple, Zuckbook, Google, Microsoft and a few others.

I wonder if Eric Schmidt will give the Zuck some tips on dealing with the outrageous behavior of third parties who gather and recycle data on a public Web site. Imagine, using software to obtain digital information.

The one percent don’t cotton to the “other percent” behaving in a manner offensive to the masters of the datasphere in my opinion.

Stephen E Arnold, July 12, 2022

EU High-Tech Laws: Now How about Enforcement?

July 6, 2022

I read a few of the dozens and dozens of posts about the European Union’s Digital Services Act and Digital Markets Act. A representative story comes from the “trust” outfit Reuters. “EU Lawmakers Pass Landmark Tech Rules, But Enforcement a Worry” states:

EU lawmakers gave the thumbs up on Tuesday to landmark rules to rein in tech giants such as Alphabet unit Google, Amazon, Apple, Facebook and Microsoft, but enforcement could be hampered by regulators’ limited resources.

Note the “but”.

Several observations:

First, have you ever visited a shared common space at a university? Remember the signs: “Clean up” and “Put trash in receptacle.” How did those work out? The new regulations may have similar impact.

Second, legal eagles defending tech giants against a legal claim are very good at finding ways to delay, put red herrings in the court’s lunch room fridge, and discerning legal nuances overlooked by legal eagles not compensated to land, root, and swoop on prey.

Third, big tech companies have been doing their best to operate autonomously for decades. Do senior executives know what happens when a new service becomes available? Here’s the answer: “Commissioner, thank you for asking that question. I will have to get back to you with the details you request.”

Yeah, regulation arrives a day late and hundreds of millions of euros for crime analysts and investigators.

Stephen E Arnold, July 6, 2022
